<<<>>> Trend Micro, Inc. January 24, 2017 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) Deep Discovery Email Inspector 2.5 Service Pack 1 Critical Patch - Build 1178 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents =================================================================== 1. Critical Patch Release Information 1.1 Issues 1.2 Files Included in this Release 2. Documentation Set 3. System Requirements 4. Installation/Uninstallation 4.1 Installation 4.2 Uninstallation 5. Post-installation Configuration 6. Known Issues 7. Release History 7.1 Prior Hot Fixes/Critical Patches 8. Contact Information 9. About Trend Micro 10. License Agreement =================================================================== 1. Critical Patch Release Information ======================================================================= 1.1 Issues ==================================================================== This Critical Patch resolves the following issues: Issue: Deep Discovery Email Inspector has some user interface (UI) vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This critical patch resolves these user interface (UI) vulnerabilities to improve the security of the front-end user interface. Issue: Some pages have not implemented user authentication. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This critical patch added user authentication for those pages to improve the security of the front-end interface. 1.2 Files Included in this Release ==================================================================== A. Files for Current Issues -------------------------------------------------------------------- Filename Build No. -------------------------------------------------------------------- ddei_25_sp1_lx_en_criticalpatch1178.tgz.tar 1178 B. Files for Previous Issues -------------------------------------------------------------------- Not applicable 2. Documentation Set ======================================================================= To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining Deep Discovery Email Inspector. To access the Online Help, go to http://docs.trendmicro.com - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining Deep Discovery Email Inspector. - Quick Start Card (QSC): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get Deep Discovery Email Inspector "up and running". - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 3. System Requirements ======================================================================= Trend Micro recommends installing this hotfix only on the EN version of Deep Discovery Email Inspector 2.5.1 Build 1118. 4. Installation ======================================================================= This section explains key steps for installing the hotfix. 4.1 Installing ==================================================================== To install: 1. Click "Administration > Product Updates > Hot Fixes / Patches". The "Hot Fixes / Patches" screen appears. 2. Click "Browse" and select the "ddei_25_sp1_lx_en_criticalpatch1178.tgz.tar" critical patch file. 3. Click "Apply". 4. Verify that the hotfix has been successfully installed. a. Click "Administration > Product Updates > Hot Fixes / Patches". In the "History" table, verify that "Build" is "1178" and "Description" is "Critical patch 1178". b. Click "Help > About". The "About" screen appears. c. Verify that "Hot fix" is "1178". Note: The software version of the device will NOT change after applying this hotfix. Deep Discovery Email Inspector will restart automatically after hotfix installation. 5. Clean the browser cache. 4.2 Uninstalling ==================================================================== To roll back to the previous build: 1. Click "Administration > Product Updates > Hot Fixes / Patches". The "Hot Fixes / Patches" screen appears. 2. Click "Roll Back". 3. Verify that the hotfix has been successfully uninstalled. a. After Deep Discovery Email Inspector restarts, verify that the hotfix number has been removed from the "About" screen on the management console. b. Click "Administration > Product Updates > Hot Fixes / Patches". The "History" table should be empty. NOTE: Deep Discovery Email Inspector will restart automatically after hotfix uninstallation. 5. Post-Installation Configuration ======================================================================= No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 6. Known Issues ======================================================================= There are no known issues for this hotfix release. 7. Release History ======================================================================= For more information about updates to this product, go to: http://www.trendmicro.com/download 7.1 Prior Hotfixes ==================================================================== NOTE: Only this hotfix was tested for this release. Prior hotfixes were tested at the time of their release. Hotfix 1121 Enhancement: This hotfix adds a hidden configuration page to allow users to disable the detection log upload to Trend Micro Control Manager(TM). Procedure: To disable the detection log upload to Control Manager: a. Access "https://DDEI/hidden/rdqa.php" through a web browser window and login in using a valid account and password. b. Go to the "Internal Support and Testing > TMCM Setting" page. c. Select the corresponding checkbox. d. Click "Save". Hotfix 1124 Issue: Deep Discovery Email Inspector may not be able to scan PDF files that are encrypted with "document opening require password" or "require password for other actions" protection because it cannot distinguish these two types from each other. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix enables Deep Discovery Email Inspector to distinguish between a PDF file that has been encrypted with "document opening require password" protection and one with "require password for other actions" protection. Enhancement 1: This hotfix updates the Usandbox module to enable it to support cmd and bat script file types. Enhancement 2: This hotfix enables the "Image Import Tool" to import images that are between 10 to 12 GB in size successfully. Hotfix 1131 Issue: A browser compatibility issue prevents some contents of the Blocking and Warning Pages of the Deep Discovery Email Inspector web console from displaying correctly in Microsoft(TM) Internet Explorer(TM). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix ensures that the Blocking and Warning Pages display normally in Internet Explorer. Hotfix 1134 Issue: Deep Discovery Email Inspector still attempts to insert an end stamp to email messages that do not contain an email body. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix prevents Deep Discovery Email Inspector from inserting an end stamp to email messages that do not have an email body. Hotfix 1136 Issue 1: When Deep Discovery Email Inspector checks user- specified recipient email addresses for notification and reports recipients, it may treat certain internal domain email addresses as invalid. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix updates the checking logic to ensure that it can correctly recognize and allow the affected internal domain addresses. Issue 2: When users add objects in the "Policy > Exceptions" page, the time information is displayed in UTC time instead of in the local time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix ensures that the "Exceptions" page displays time information in the local time. Issue 3: Sometimes, Deep Discovery Email Inspector cannot translate the NIC name from "em" to "eth", which may prevent it from starting successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix resolves the NIC translation issue to ensure that Deep Discovery Email Inspector can start up successfully. Hotfix 1138 Issue 1: Users encounter a web browser compatibility issue while accessing the Blocking and Warning Pages of the Deep Discovery Email Inspector console in Internet Explorer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves the issue to ensure that users can access the Blocking and Warning Pages of the Deep Discovery Email Inspector console in Internet Explorer. Issue 2: When an email message contains two same malicious file attachments, Deep Discovery Email Inspector removes just one of the attachments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix ensures that Deep Discovery Email Inspector removes all malicious file attachments from email messages. Issue 3: When users log on to the After Deep Discovery Email Inspector web console by Single Sign-On (SSO) from the Control Manager console, they may encounter a "Permission denied" message while attempting to access certain pages of the Deep Discovery Email Inspector web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix ensures that users can access the pages of the Deep Discovery Email Inspector web console through SSO from Control Manager normally. Hotfix 1142 Enhancement 1: This hotfix updates the Usandbox module. Enhancement 2: This hotfix enables the "EnablePauseVM" setting in the sandbox module to prevent it from triggering the "Virtual Analyzer Stopped" alert in certain scenarios. Hotfix 1144 Issue: Deep Discovery Email Inspector may not be able to recognize some email formats that prevents it from parsing the attachments or URLs of specially formatted email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix enables Deep Discovery Email Inspector to parse attachments and URLs in email messages that follow certain special formats. Enhancement 1: This hotfix updates the TmMsg module to recognize email formats that contain strings after the last boundary. Enhancement 2: This hotfix optimizes the Threat Connect hyperlink to ensure that it redirects to the correct page. Hotfix 1151 Issue 1: The "Msgtracing" page of Deep Discovery Email Inspector sometimes does not show the email log with "no risk" level. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that the "Msgtracing" page shows all the email logs, including the "no risk" email log. Issue 2: Deep Discovery Email Inspector sometimes restarts unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix disables the Huge Pages parameter of Java to avoid the unexpected system restart. Issue 3: Deep Discovery Email Inspector sometimes cannot handle some shortened URLs correctly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix enhances the logic of the URL extractor part to handle special shortened URLs. Hotfix 1159 Enhancement 1: This hotfix fixed some user interface (UI) vulnerabilities to improve the security of the front- end interface. Enhancement 2: This hotfix enhances the scanning workflow so that Deep Discovery Email Inspector (DDEI) could extract files linked and embedded in Microsoft(TM) Office(TM) files and then send these onto Virtual Analyzer if the true file type is supported and selected. Hotfix 1165 Issue: Deep Discovery Email Inspector fails to parse encrypted PDF samples consisting of image files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix enables Deep Discovery Email Inspector to parse encrypted PDF samples consisting of image files. Enhancement 1: This hotfix adds a hyperlink to allow users to download quarantined emails detected as malformed. Hotfix 1173 Enhancement 1: This hotfix modifies the CPU alert mechanism to avoid incorrect declarations. Enhancement 2: This hotfix adds a logic that filters exception configurations synchronized with Control Manager. Enhancement 3: This hotfix updates the Usandbox module to enable it to support Scalable Vector Graphics (SVG) and Microsoft(TM) Publisher 2016 file types. 8. Contact Information ======================================================================= A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 9. About Trend Micro ======================================================================= Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro, Control Manager, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 10. License Agreement ======================================================================= View information about your license agreement with Trend Micro at: www.trendmicro.com/us/about-us/legal-policies/license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide