<> Trend Micro, Inc. December 30, 2016 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ServerProtect(TM) for Linux(TM) 3.0 Service Pack 1 Patch 7 - Build 1505 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Note: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at: http://docs.trendmicro.com/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: http://olr.trendmicro.com/ Contents =================================================================== 1. About ServerProtect for Linux 1.1 Overview of this Release 1.2 Who Should Install this Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 5.1 Installation 5.2 Uninstallation 6. Post-Installation Configuration 7. Known Issues 8. Release History 8.1 Patch 1 8.2 Patch 2 8.3 Patch 3 8.4 Patch 4 8.5 Patch 5 8.6 Patch 6 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement =================================================================== 1. About ServerProtect for Linux ======================================================================== ServerProtect for Linux provides comprehensive protection against computer viruses/spywares, Trojans, worms, and other security risks for file servers based on the Linux operating system. Managed through an intuitive, portable web-based console or Linux command line console, ServerProtect provides centralized virus scanning, pattern updates, event reporting, and antivirus configuration. Award: Winner of SYS-CON Linux and Enterprise Open Source Readers' Choice Award Certification: ServerProtect for Linux 3.0 fully supports Novell(R) OES2 and is Novell YES certified for the following: o 32-bit operating systems (See http://developer.novell.com/yes/92344.htm) o 64-bit operating systems (See http://developer.novell.com/yes/92345.htm) 1.1 Overview of this Release ===================================================================== Patch 7 resolves issues found in ServerProtect for Linux 3.0 after the release Service Pack 1 Patch 6. Refer to the "What's New" section for enhancements implemented in this release. 1.2 Who Should Install this Release ===================================================================== You should install this patch release if you are currently running any ServerProtect for Linux 3.0 package released before Patch 7. 2. What's New ======================================================================== This release incorporates all previous hotfixes since the release of ServerProtect for Linux 3.0. Note: Please install this Patch before completing any procedures in this section (see "Installation"). This Patch addresses the following issues and includes the following enhancements: 2.1 New Enhancements ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 7 includes the following enhancements: Enhancement 1: Kernel Hooking Module Source Code - This Patch updates the Kernel Hooking Module (KHM) source code to version 3.0.1.0016. Refer to the following website for more information about the latest KHM source code: http://downloadcenter.trendmicro.com/ index.php?clk=tbl&clkval=111®s=NABU&lang_loc =1#undefined Enhancement 2: Apache(TM) Server - This Patch updates the Apache server to version 2.2.31, and the OpenSSL module in the Apache server to version 1.0.2j. Enhancement 3: Trend Micro Control Manager(TM) Agent SDK - This Patch upgrades the Trend Micro Control Manager (TM) Agent SDK of 32-bit ServerProtect to version 5.0.0.2188 and upgrades the Trend Micro Control Manager(TM) Agent SDK of 64-bit ServerProtect to version 5.0.0.2179. Enhancement 4: Web Server Certificate - This Patch creates a new certificate with SHA 256 signature algorithm. Enhancement 5: Encryption Components - This Patch replaces JAVA Applet Encryption components of Web Console with the AES 256 encryption algorithm of Crypto-JS. The passwords of the email account, proxy account, and Trend Micro Control Manager registration account will be encrypted using AES 256 encryption algorithm. Enhancement 6: Logon Protection - If you fail to type the correct logon password five times within 15 minutes, your account will be locked 30 minutes. Enhancement 7: Password Management - If you set a new password, it must be a combination of at least three types of the following: uppercase letters, lowercase letters, numbers and special characters. Any of the ten most recent passwords cannot be reused. Enhancement 8: TMNotify Module - The TMNotify module has been upgraded to version 1.3.0.1077 to send email notifications with correct time zones. 2.2 Resolved Known Issues ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 7 resolves the following issues: Issue 1: The Linux system stops responding when ServerProtect for Linux 3.0 stops unexpectedly due to deadlock issues in the kernel space. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 1062/1464] This patch ensures that the Linux system still runs normally when ServerProtect for Linux 3.0 stops unexpectedly. Issue 2: Sometimes, the strtok function triggers ServerProtect for Linux 3.0 to stop unexpectedly. This occurs because this function is not thread-safe. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 1063/1464] This patch resolves this issue by enabling ServerProtect for Linux 3.0 to switch to a thread-safe function. Issue 3: When the manual scan and scheduled scan processes detect a virus, ServerProtect for Linux sends a Simple Network Management Protocol (SNMP) message with the "tpNormalEvent" type. This is a problem since this is the same message type used for unsuccessful updates of pattern files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 1063/1465] This patch resolves the issue so that ServerProtect for Linux sends a "tpVirusEvent" message when the manual scan and scheduled scan processes detect a virus, and ServerProtect for Linux sends a "tpUpdateEvent" message for unsuccessful pattern file updates. Issue 4: ServerProtect for Linux 3.0 converts file names in virus logs to "UCS-4" before sending these logs to Trend Micro Control Manager(TM). Sometimes, ServerProtect for Linux 3.0 encounters an exception error that can trigger the process "entity" to stop unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 1063/1466] This patch enables ServerProtect for Linux 3.0 to catch the exception to avoid this issue. Issue 5: When Real-Time Scan is enabled in ServerProtect for Linux, the operating system (OS) may stop responding when accessing files in a shared folder through a mounted network drive (NFS). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hotfix 1063/1467] This patch ensures that enabling Real-Time Scan in ServerProtect for Linux 3.0 does not cause the operating system to stop unexpectedly when accessing files in a shared folder through a mounted network drive. Issue 6: ServerProtect for Linux 3.0 may not be able to verify the certificate of the AU Server. When this happens, it cannot update pattern and engine files with AU. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 1478] This patch resolves the issue by updating the AU module to enable it to verify the certificate of the AU Server successfully. Issue 7: The "viewlog.cgi" file in ServerProtect for Linux 3.0 is affected by an XSS vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Critical Patch 1064/1473] This patch resolves this XSS vulnerability by adding a checking mechanism to ensure that the data for the HTTP GET/POST method is in the correct format. Issue 8: The "vsapiapp" process of ServerProtect for Linux 3.0 may stop unexpectedly while calling the "pthread_kill" process using a thread that has already exited. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: [Hotfix 1067/1485] This patch resolves the issue by making sure that the "vsapiapp" process calls the "pthread_kill" API using an active thread. Issue 9: ServerProtect is affected by CVE-2016-5387: Apache Server does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This Patch lets Apache Server ignore the "Proxy" HTTP header, because this header is not used in ServerProtect. Issue 10: ServerProtect is affected by CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This Patch disables the DES and Triple DES ciphers of Apache Server. 3. Documentation Set ======================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Getting Started Guide -- product overview, installation planning, installation steps and basic information intended to help you deploy ServerProtect for Linux smoothly. o Administration Guide -- Provides post-installation instructions on how to configure the settings to help you get ServerProtect for Linux "up and running". Also includes instructions on performing other administrative tasks for the day-to-day maintenance of ServerProtect for Linux. o Readme.txt files -- version enhancements, basic installation, known issues, and release history. o Electronic versions of the printed manuals are available at: http://docs.trendmicro.com/ o Online help -- Context-sensitive help screens that provide guidance for performing a task. o TrendEdge is a program for Trend Micro employees, partners, and other interested parties that provides information on unsupported, innovative techniques, tools, and best practices for Trend Micro products. The TrendEdge database contains numerous documents covering a wide range of topics. http://trendedge.trendmicro.com o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ======================================================================== Install this patch only on computers running ServerProtect for Linux 3.0 or higher versions released before this Patch. Note: Refer to the ServerProtect readme file for detailed system requirements for installing the product. 5. Installation/Uninstallation ======================================================================== 5.1 Installation ===================================================================== This section explains key steps for installing the software. Refer to the "Administrator's Guide" (AG) for detailed information. To install this Patch: 1. If you have registered or are going to register ServerProtect for Linux to Control Manager, make sure the latest Control Manager patch has been applied. 2. Log on as a root user. 3. Copy "splx_30_lx_en_sp1_patch7.tar.gz" to a working directory such as "/tmp/workdir". 4. Type the following commands: # cd /tmp/workdir # tar zxvf splx_30_lx_en_sp1_patch7.tar.gz # chmod u+x splx_30_lx_en_sp1_patch7.bin #./splx_30_lx_en_sp1_patch7.bin Notes: - The last command stops the ServerProtect services before installing this Patch. - ServerProtect services automatically start after the system completes the installation process. 5.2 Uninstallation ===================================================================== To remove Patch 7 and roll back to the previous ServerProtect for Linux build: 1. Run the following command: #rpm -e splx-3.0-sp1-patch7 Note: As the configuration file, "tmsplx.xml", used by Patch 7 may not be compatible with the one used by the previous ServerProtect for Linux release version, the configuration file will be saved as "tmsplx.xml.p7.rpmsave" when you uninstall this Patch. ServerProtect for Linux will use the configuration file previously backed up when installing this Patch. 2. Manually compare and synchronize the settings between the backed-up configuration file and the configuration file used by Patch 7 to apply the same custom settings to ServerProtect for Linux. Note: You can retrieve the ServerProtect for Linux 3.0 RPM information from the "Version.ini" file in the "/opt/TrendMicro/SProtectLinux/" information folder. Refer to Section 7.1 for more information. 6. Post-Installation Configuration ======================================================================== No post-installation steps are required. Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ======================================================================== 7.1 Installation Issue --------------------------------------------------------------------- Patch 7 must remove the previous ServerProtect for Linux 3.0 Patch RPM information from the RPM database to prevent inconsistencies. But due to the limitation of RPM, the previous ServerProtect for Linux 3.0 Patch information could not be restored to the RPM database. Instead, it is stored in "/opt/TrendMicro/SProtectLinux/Version.ini". 7.2 Unable to export logs in Microsoft(TM) Internet Explorer(TM) 9 when accessing the web console using the HTTPS protocol. --------------------------------------------------------------------- To resolve this known issue: 1. On Internet Explorer 9, click the settings icon, or the "Tools" menu, and then click "Internet Options". 2. On the "Advanced" tab, clear the "Do not save encrypted pages to disk" option. 3. Click "OK" to save the settings. 7.3 On Internet Explorer, the progress bar animation does not work while ServerProtect for Linux registers or unregisters from Control Manager. --------------------------------------------------------------------- To resolve this known issue: 1. On Internet Explorer, click the settings icon, or the "Tools" menu, and then click "Internet Options". 2. On the "Advanced" tab, select the "Play animations in webpages" option. 3. Click "OK" to save the settings. 4. Restart Internet Explorer and access the ServerProtect for Linux web console again. 8. Release History ======================================================================== 8.1 Patch 1 ===================================================================== 8.1.1 Enhancements ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 1 provides the following enhancements: Enhancement 1: Internal HTTP Server - The internal HTTP server for ServerProtect has been updated to resolve some security issues. Enhancement 2: KHM Source Code - The KHM source code in the latest KHM packages has been updated. Enhancement 3: Kernel Debug Log - A dynamic enabling feature has been added to the kernel debug log. 8.1.2 Resolved Known Issues ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 1 resolves the following issues: Issue 1: ServerProtect for Linux does not send event logs to Control Manager if only the engine or spyware pattern is updated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 1222] ServerProtect for Linux now sends event logs to Control Manager for engine or spyware pattern only updates. This enables Control Manager to send out email notifications for the status of the events, if configured to do so. Issue 2: When ServerProtect for Linux registers to Control Manager using Fully Qualified Domain Name (FQDN), the registration process may fail during the Linux system startup if the network environment is not ready. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 1224] ServerProtect for Linux now attempts to register several times within a specified period of time if the Control Manager registration fails. Issue 3: When stopping ServerProtect for Linux services, ServerProtect for Linux cannot terminate the scheduled scanning process if the real-time scanning function is not working. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 1234] ServerProtect for Linux now stops the scheduled scanning process normally when executing the "/etc/init.d/splx stop" command to stop the ServerProtect for Linux services. Issue 4: Even when the pattern file or scan engine is updated successfully, ServerProtect for Linux may generate a system log "ActiveUpdate not completed" with the reason "ActiveUpdate successfully downloaded the patch files. Patch update is now in progress". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 1241] The "WaitingTime" parameter has been added in the "ActiveUpdate" section of the "tmsplx.xml" file. The default value for the "WaitingTime" parameter is "60" seconds which is adequate for most applications. Users can reconfigure this value as needed. Issue 5: ServerProtect for Linux cannot register to Control Manager if the domain information in "/etc/resolve.conf" is too long. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hotfix 1246] Trend Micro has changed the way ServerProtect retrieves the host machine domain name to resolve the issue. Issue 6: When ServerProtect for Linux performs an update and all components are still up-to-date, the event log displays incorrect information. This prompts Control Manager to send an email notification stating "Update unsuccessful". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 1247] ServerProtect for Linux now records this update as a successful update; Control Manager notes that there is no update needed and does not send out an "Update unsuccessful" notification. Issue 7: ServerProtect for Linux does not send email notifications when it detects a security risk by manual scan or scheduled scan. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Hotfix 1250] The "AlertInfectionFoundByMS" hidden key has been added to the "tmsplx.xml" file. When enabled, this key prompts ServerProtect for Linux to send email notifications for a detected security risk after a manual scan or scheduled scan. Issue 8: The PR page displays a grace expiry date that is one month earlier than the real grace expiry date. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: The PR page now displays the correct grace expiry date. Issue 9: The "splxhttpd" service does not stop properly if the process ID of a newly-created "splxhttpd" process is higher than the one created before it. The same issue affects the "entity" process. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: ServerProtect for Linux now uses a new method to stop the "splxhttpd" and "entity" processes in the "splxhttpd" and "splxcore" script. This enables ServerProtect for Linux to stop the two processes properly. 8.2 Patch 2 ===================================================================== 8.2.1 Enhancements ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 2 provides the following enhancements: Enhancement 1: KHM Source Code - the KHM source code has been updated. Refer to the following website for more information about the latest KHM source code: http://www.trendmicro.com/download/ kernel.asp?prodid=20 Enhancement 2: ServerProtect for Linux Web Console - The ServerProtect for Linux web console to accept square brackets ("[" and "]"). Enhancement 3: Legacy Pattern Release Files- ServerProtect for Linux can now be configured to use legacy pattern release files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To enable the option: a. Open the "tmsplx.xml" file using a text editor. b. Change the value for "PatternType" to "PATTERN_VSAPI_LEGACY". c. Restart ServerProtect for Linux using the following command: /etc/init.d/splx restart Note: When a higher pattern version is available, the key will take effect only after a successful pattern update. Enhancement 4: Registration Timeout - Users can now set the timeout value when ServerProtect registers to Control Manager. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 4: To set the timeout value: a. Open the "tmsplx.xml" file using a text editor. b. Add the "CMRegistrationTimeout" option under the "Configuration" section and set the value to the timeout duration in seconds.

c. Restart "splx" using the following command: /etc/init.d/splx restart Enhancement 5: KHM now supports the following kernels of Red Hat(TM) 4/5 and SUSE Linux Enterprise 10: Red Hat Enterprise Linux Server/Desktop 4 (i686 and x86_64) - 2.6.9-89.0.20.ELsmp i686 - 2.6.9-89.0.20.EL i686 - 2.6.9-89.0.20.ELsmp x86_64 - 2.6.9-89.0.20.EL x86_64 Red Hat Enterprise Linux Server/Desktop 5 (i686 and x86_64) - 2.6.18-164.11.1.el5PAE i686 - 2.6.18-164.11.1.el5xen i686 - 2.6.18-164.11.1.el5 i686 - 2.6.18-164.11.1.el5 x86_64 - 2.6.18-164.11.1.el5xen x86_64 SUSE Linux Enterprise 10 (Server or Desktop) (i686 and x86_64) - 2.6.16.60-0.59.1-xen i686 - 2.6.16.60-0.59.1-smp i686 - 2.6.16.60-0.59.1-bigsmp i686 - 2.6.16.60-0.59.1-smp x86_64 - 2.6.16.60-0.59.1-xen x86_64 - 2.6.16.60-0.59.1-default x86_64 8.2.2 Resolved Known Issues ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 2 resolves the following issues: Issue 1: If the debug log is enabled and users start a manual or scheduled update while an update process is running, the following message appears in the debug log: "Find the previous manual/schedule scan." ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: The log has been changed to: "Find the previous manual/schedule update." Issue 2: When users register ServerProtect for Linux to Control Manager in text mode and the registration fails, the ActiveUpdate server still changes to "TMCM update server". This prompts ServerProtect for Linux to ask the user to unregister from Control Manager first the next time the user attempts to register to Control Manager in text mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This issue has been resolved. Issue 3: When users make changes to the manual scan options, some changes may not take effect when users start a manual scan by clicking "Scan now" from the "Summary" page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This issue has been resolved. 8.3 Patch 3 ===================================================================== 8.3.1 Enhancements ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 3 provides the following enhancements: Enhancement 1: KHM Source Code - The KHM source code has been updated. Refer go to the following website for more information about the latest KHM source code: http://downloadcenter.trendmicro.com/ index.php?clk=tbl&clkval=111®s=NABU&lang_loc =1#undefined Enhancement 2: Users can now set the maximum size of files for scans. This improves the ServerProtect for Linux performance while scanning a large number of compressed files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To configure the option: a. Open "tmsplx.xml" file using a text editor. b. Add the "RealtimeNotScanSize" and "OnDemandNotScanSize" keys under the "Scan" section and set the value to a positive integer in megabytes.

c. Restart the ServerProtect for Linux service. Note: The key does not take effect if the value is set to "0". "RealtimeNotScanSize" is for real-time scans; "OnDemandNotScanSize" is for manual and scheduled scans. Enhancement 3: Users can now prevent ServerProtect from deleting the old "TmuDump.txt" ActiveUpdate log and append new ActiveUpdate logs to the existing log file instead. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To enable the option: a. Open the "tmsplx.xml" file using a text editor. b. Add the "KeepAULog" option under the "ActiveUpdate" section and set its value to "1".

c. Restart the ServerProtect for Linux service. To control the total size of "TmuDump.txt": a. Open the "aucfg.ini" file under the "/opt/TrendMicro/SProtectLinux/" folder using a text editor. b. Add the "log_size" key under the "debug" section of the "aucfg.ini" file and set its value to the size limit in megabytes. For example, to set the size limit of the "TmuDump.txt" file to 1 MB, set: [debug] log_size = 1 c. Save the changes to the "aucfg.ini" file. Enhancement 4: Users can now create a list of approved process names. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 4: To create/edit the list of approved processes: a. Open the "tmsplx.xml" file using a text editor. b. Add the "RealtimeExcludeCommand" key under the "Scan" section and specify the approved processes separating multiple commands using a colon (:). For example:

Note: The feature can only take effect after you apply KHM version above 3.0.0.0005. This feature supports only the asterisk (*) and question mark (?) as wild card characters and behaves similarly to the real-time scan exclusion list setting. Enhancement 5: KHM now supports the use of the asterisk (*) and question mark (?) as wild card characters in the "Exclude these locations" and "Exclude the specified files" fields of the real-time scan exclusion list. 8.3.2 Resolved Known Issues ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 3 resolves the following issues: Issue 1: While establishing an SMTP session with the email server to send email notifications from ServerProtect for Linux, ServerProtect for Linux sends a "HELO" command to the email server before the email server's greeting message arrives. As a result, ServerProtect for Linux treats the greeting message as the email server's response to the "HELO" command. This causes an error that prevents ServerProtect for Linux from establishing the SMTP session and sending out the email notification. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 1301] ServerProtect for Linux now sends out email notifications without issues. Issue 2: After applying ServerProtect for Linux 3.0 Service Pack 1 Patch 2, the ServerProtect real-time scan may take an unusually long amount of time to scan compressed files containing a large number of files even when the current real-time scan setting is set to skip most of the files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 1307] An unnecessary delay operation added in Patch 2. has been deleted to resolve the issue. Issue 3: ServerProtect for Linux CDT tools do not collect some important information such as log messages, KHM information and the ActiveUpdate (AU) log. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 1310] ServerProtect for Linux CDT tools now collect "/var/log/messages", AU logs, and KHM information. Issue 4: ServerProtect for Linux does not automatically register to Control Manager if Control Manager starts after ServerProtect for Linux. When registration fails, ServerProtect for Linux will not show the registration information that was previously entered on the Web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 1311] An auto-register process has been added in ServerProtect for Linux to resolve this issue. Issue 5: A vulnerability exists in the ServerProtect for Linux 3.0 "splxhttpd" binary file containing OpenSSL 0.9.8i. Remote attackers can exploit this vulnerability and use malformed records in a HTTPS connection with ServerProtect for Linux to cause ServerProtect for Linux to stop unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: The OpenSSL module in "splxhttpd" has been upgraded to resolve this issue. 8.4 Patch 4 ===================================================================== 8.4.1 Enhancements ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 4 provides the following enhancements: Enhancement 1: KHM Source Code - The KHM source code has been updated. Refer to the following website for more information about the latest KHM source code: http://downloadcenter.trendmicro.com/ index.php?clk=tbl&clkval=111®s=NABU&lang_loc =1#undefined Enhancement 2: Apache Server - The Apache server and the OpenSSL module in the Apache server have been updated. 8.4.2 Resolved Known Issues ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 4 resolves the following issues: Issue 1: ServerProtect for Linux sends the last VSAPI and virus pattern update time to Control Manager in the GMT time zone. This prevents Control Manager from displaying the update time in local time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 1318] ServerProtect for Linux now sends Control Manager the last VSAPI and virus pattern update time in local time. Issue 2: During manual scans, ServerProtect for Linux displays "ERROR" and "-1" scanned files on the Web page if the total number of files for scanning has not been updated in a long time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 1321] This issue has been resolved. Issue 3: Under certain conditions, when the ServerProtect for Linux real-time scan detects a virus in a compressed file, the virus/spyware log for the compressed file does not display a virus name and action result. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 1322] The virus/spyware logs now display the correct virus name and action result. Issue 4: Error logs appear in "/var/log/messages" when some hidden keys introduced in Patch 3 are not configured. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 1340] Error logs now appear in "/var/log/messages" only when the debug log level is set to "5". Issue 5: ServerProtect for Linux uses an older version of the VSAPI engine on the Red Hat Enterprise Linux 6 platform. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: ServerProtect for Linux now uses the latest VSAPI engine for the Red Hat Enterprise Linux 6 platform. 8.5 Patch 5 ===================================================================== 8.5.1 Enhancements ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 5 includes the following enhancements: Enhancement 1: KHM Source Code - KHM source code has been updated to version 3.0.1.0010. Refer to the following website for more information about the latest KHM source code: http://downloadcenter.trendmicro.com/ index.php?clk=tbl&clkval=111®s=NABU&lang_loc =1#undefined Enhancement 2: Apache Server - The Apache server has been upgraded to version 2.2.25, and the OpenSSL module in the Apache server to version 1.0.1e. Enhancement 3: ActiveUpdate Module - The ActiveUpdate (AU) module has been upgraded to version 2.85 and the following three folders: - "/opt/TrendMicro/SProtectLinux/AU_Cache" - "/opt/TrendMicro/SProtectLinux/AU_Temp" - "/opt/TrendMicro/SProtectLinux/AU_Log" have been moved to: - "/opt/TrendMicro/SProtectLinux/AU_Data/AU_Cache" - "/opt/TrendMicro/SProtectLinux/AU_Data/AU_Temp" - "/opt/TrendMicro/SProtectLinux/AU_Data/AU_Log" 8.5.2 Resolved Known Issues ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 5 resolves the following issues: Issue 1: ServerProtect for Linux sends a notification for an outdated pattern file even when the pattern file is up-to-date. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 1358] The way ServerProtect for Linux determines whether a pattern file is up-to-date or not has been enhanced to ensures that ServerProtect for Linux sends out an outdated pattern file notification only when a pattern file is outdated. Issue 2: Users do not receive any notifications after ServerProtect for Linux disables the Real-time Scan. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 1359] An option has been added to ensure that users receive notifications even after ServerProtect for Linux disables the Real-time Scan. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To enable this feature: a. Stop ServerProtect for Linux. b. Open the "tmsplx.xml" file under the "/opt/TrendMicro/SProtectLinux/" folder. c. Locate the "AlertRealtimeScanStatus" key under the "Scan" section and set it to the following:

d. Save the changes and close the "tmsplx.xml" file. e. Start ServerProtect for Linux. Issue 3: When users choose to update multiple components and one or more components, but not all, update successfully, the last update time of all selected components will be updated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 1363] Now, only the last update time of successfully updated components are changed in this case. Issue 4: Control Manager does not support the display of any information about the new engine for the Common Internet File System (CIFS) in ServerProtect for Linux. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Critical Patch 1366] Control Manager now displays the necessary information about the new engine for CIFS in ServerProtect for Linux. Issue 5: The warning message that appears during an update to warn users that the product license has expired contains a typographical error. In the message, "perion" was used instead of "period". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hotfix 1371] The typographical error in the notification has been corrected. Issue 6: The cron job setting is not updated with all the rest of the ServerProtect for Linux settings during configuration replication from one computer to another through the Control Manager console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 1372] The cron job setting is now always updated with the rest of the ServerProtect for Linux settings during configuration replication from one computer to another through the Control Manager console. Issue 7: By default, Scheduled Scan and Manual Scan modify the last access time of files after scans. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Hotfix 1383] An option has been added to prevent Scheduled Scan and Manual Scan from modifying a file's last access time if the file is not infected. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 7: To enable this feature: a. Stop ServerProtect for Linux. b. Open the "tmsplx.xml" file. c. Locate the "DisableAtimeNoChange" key under the "Scan" section and set it to the following:

d. Save the changes and close the file. f. Start ServerProtect for Linux. Issue 8: During a scheduled update, ServerProtect for Linux may use the wrong working directory when it tries to update again. This triggers a "PATCH_ERROR" message in "TmuDump.txt". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: ServerProtect for Linux now always uses the correct working directory during scheduled updates. 8.6 Patch 6 ===================================================================== 8.6.1 Enhancements ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 6 includes the following enhancements: Enhancement 1: Kernel Hooking Module Source Code - KHM source code has been updated to version 3.0.1.0013. Refer to the following website for more information about the latest KHM source code: http://downloadcenter.trendmicro.com/ index.php?clk=tbl&clkval=111®s=NABU&lang_loc =1#undefined Enhancement 2: Apache(TM) Server - The Apache server has been upgraded to version 2.2.29, and the OpenSSL module in the Apache server to version 1.0.1m. Enhancement 3: Common Log Module - The Common Log Module has been upgraded to version 1.1.1.1177 to support leap second. Enhancement 4: World Virus Tracking Program - The World Virus Tracking feature has been removed from ServerProtect for Linux 3.0 because the Trend Micro's World Virus Tracking Center is no longer available. The following configuration items in the tmsplx.xml file are out of date:

Enhancement 5: TMNotify Module - The TMNotify module has been upgraded to version 1.3.0.1075 to use different OID to send SNMP trap messages. The following mib file will be added to ServerProtect for Linux: "/opt/TrendMicro/SProtectLinux/SPLX.MIB" Note: If the SNMP manager uses a version of the mib file that is older than the one specified above, you should replace the old version with the file above. Enhancement 6: License Deployment Feature - The Trend Micro Control Manager(TM) Agent SDK has been upgraded to version 5.0.0.2165 to support license deployment from Control Manager. You can now deploy a new Activation Code or renew an existing Activation Code from Control Manager. Enhancement 7: Fixed Web UI Security Vulnerabilities - All the high and medium Web console security vulnerabilities found by Nessus, Acunetix Web Vulnerability Scanner, and IBM Rational AppScan have been fixed. Enhancement 8: HTTP Redirect - HTTP is not a safe protocol. This enhancement enables ServerProtect to switch from HTTP to HTTPS. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 8: To enable HTTP access: a. Open the "splxhttpd.conf" file in the "/opt/TrendMicro/SProtectLinux/SPLX.httpd/conf" folder. b. Comment out the four lines. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ #RewriteEngine on #RewriteCond %{HTTPS} !=on #RewriteRule ^(.*)$ https://%{HTTP_HOST}/ [C] #RewriteRule //(.*): https://$1:14943/ [R=301,L] +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ c. Save the changes and close the file. d. Restart the splxhttpd service using the following command: service splxhttpd restart 8.6.2 Resolved Known Issues ===================================================================== ServerProtect for Linux 3.0 Service Pack 1 Patch 6 resolves the following issues: Issue 1: The Java(TM) applet component of ServerProtect for Linux 3.0 is blocked after users update the Java Runtime Environment (JRE) module to 7u51. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Critical Patch 1403] This critical patch resolves this issue by rebuilding the Java applet component of ServerProtect for Linux 3.0 according to Oracle's notes at the following website: https://blogs.oracle.com/java-platform-group /entry/new_security_requirements_for_rias. Issue 2: On some platform versions of Linux, the ActiveUpdate module may not be able to merge pattern files or may stop unexpectedly during an update while using up a large amount of CPU resources. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix AU 2.85 1086] This hotfix changes a memory management function in RTPatch ("libpatch.so") to ensure that ActiveUpdate can merge pattern files and perform updates successfully. Issue 3: ServerProtect for Linux 3.0 may not be able to send the correct operating system language information to Control Manager when it is installed on the Red Hat 6 or CentOS 6 platform. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 1421] This hotfix ensures that ServerProtect for Linux 3.0 always sends the correct operating system information to Control Manager. Issue 4: Sometimes, the "Some errors were found while stopping splx kernel module." message appears while ServerProtect for Linux 3.0 closes because the ServerProtect script does not wait long enough for the kernel module to finish unloading. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 1425] This hotfix enables the ServerProtect script to give the kernel module more time to unload while ServerProtect for Linux 3.0 closes. This helps prevent the error message from appearing. Issue 5: ServerProtect for Linux 3.0 converts file names in virus logs to "UCS-4" before sending these logs to Control Manager. Sometimes, ServerProtect for Linux 3.0 encounters an exception error while converting file names that are not in "UTF-8" format, which can trigger the process "entity" to stop unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hotfix 1428] This hotfix enables ServerProtect for Linux 3.0 to catch the exception, then convert the file name to "ASCII" and replace non-ASCII characters with question marks. ServerProtect for Linux 3.0 then converts the "ASCII" file name to "UCS-4". Issue 6: Sometimes, ServerProtect for Linux 3.0 cannot open a file during a manual scan or scheduled scan. This triggers an error that can cause the scan to take unusually long time to complete. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 1431] This hotfix enables ServerProtect for Linux 3.0 to correctly handle the error so that a manual or scheduled scan runs normally when ServerProtect for Linux 3.0 fails to open a file during the scan. Issue 7: ServerProtect for Linux 3.0 does not accept public IP addresses or public domain names, but these appear as examples on the SMTP settings page of the Web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Hotfix 1436] This hotfix deletes public IP addresses and public domain names from the SMTP settings page. Issue 8: Sometimes, ServerProtect for Linux stops unexpectedly when ServerProtect for Linux tries to erase a cookie or tries to get the string value from the configuration file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This hotfix resolves this known issue. Issue 9: Sometimes, logs may be deleted unexpectedly after users change the log directory even when the logs are not older than the number of days specified in MaxLogDay. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This hotfix ensures that ServerProtect for Linux only deletes logs that are older than the number of days specified in MaxLogDay. Issue 10: Sometimes, if ServerProtect for Linux accesses Control Manager through a secure protocol using a proxy, it may not be able to connect to Control Manager through Single Sign-On (SSO). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This hotfix ensures that ServerProtect for Linux can connect to Control Manager through SSO under the scenario above. Issue 11: Sometimes, if the permission for the SSO_PKI_PublicKey.pem file generated by ServerProtect for Linux is incorrect, it may not be able to connect to Control Manager through SSO. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This hotfix ensures that ServerProtect for Linux can connect to Control Manager through SSO under the scenario above. 9. Files Included in this Release ======================================================================== --------------------------------------------------------------------- Filename Build No. --------------------------------------------------------------------- For both 32-bit and 64-bit ServerProtect: splx 3.0.1505 splxcore 3.0.1505 splxhttpd 3.0.1505 vsapiapp 3.0.1505 splxmain 3.0.1505 SetTMDefaultExt 3.0.1505 splx_manual_scan 3.0.1505 splx_schedule_scan 3.0.1505 virus_type_finder 3.0.1505 entity 3.0.1505 libi18n.so.1 1.1.1.1177 liblogmgt.so.1 1.1.1.1177 liblogrdr.so.1 1.1.1.1177 liblogshr.so.1 1.1.1.1177 liblogwtr.so.1 1.1.1.1177 liblowlib.so.1 1.1.1.1177 libTMNotifymt.so.1 1.3.0.1077 libsplxcommon.so 3.0.1505 libsplxcxml.so 3.0.1505 libProductLibrary.so 3.0.1505 DiagnosticTool 3.0.1505 CMconfig 3.0.1505 EncryptAgentPassword 3.0.1505 splxcomp 3.0.1505 splxport 3.0.1505 upcfg 3.0.1505 xmlvalidator 3.0.1505 checkBrowser.sh 3.0.1505 splxhttpd.conf 3.0.1505 libapr-1.so.0.5.2 3.0.1505 libaprutil-1.so.0.5.4 3.0.1505 libexpat.so.0.5.0 3.0.1505 splxhttpd 3.0.1505 server.crt 3.0.1505 server.key 3.0.1505 splxmain.8.gz 3.0.1505 tmsplx.xml.5.gz 3.0.1505 cmoption.cgi 3.0.1505 log_management.cgi 3.0.1505 login_and_register.cgi 3.0.1505 notification.cgi 3.0.1505 proption.cgi 3.0.1505 scanoption.cgi 3.0.1505 scanoption_set.cgi 3.0.1505 showpage.cgi 3.0.1505 srv_admin.cgi 3.0.1505 summary.cgi 3.0.1505 tmcm_sso.cgi 3.0.1505 viewlog.cgi 3.0.1505 Alerts.htm 3.0.1505 charset.htm 3.0.1505 Recipients.htm 3.0.1505 cmsettings_no_reg.htm 3.0.1505 cmsettings_reged.htm 3.0.1505 password.htm 3.0.1505 proxy_settings.htm 3.0.1505 proxy_settings_update.htm 3.0.1505 menu_1.htm 3.0.1505 loginpage_registered_splx.htm 3.0.1505 logoff_splx.htm 3.0.1505 backup_directory.htm 3.0.1505 customer_register.htm 3.0.1505 quarantine_directory.htm 3.0.1505 registration.htm 3.0.1505 pr_activate.htm 3.0.1505 pr_activate_rej.htm 3.0.1505 pr_licenseinfo_no_ac.htm 3.0.1505 setting_on.htm 3.0.1505 banner.htm 3.0.1505 banner_cm.htm 3.0.1505 password_wrong.htm 3.0.1505 TmCube_Common.js 3.0.1505 client_cfg.js 3.0.1505 calendar.js 3.0.1505 Update_Scheduled.htm 3.0.1505 update_progress.htm 3.0.1505 Update_Manual.htm 3.0.1505 update_fail.htm 3.0.1505 Scheduled.htm 3.0.1505 scan_progress2.htm 3.0.1505 scan_progress.htm 3.0.1505 Real-time.htm 3.0.1505 Manual.htm 3.0.1505 Response_success.htm 3.0.1505 virus_logs.htm 3.0.1505 system_logs.htm 3.0.1505 spyware_logs.htm 3.0.1505 scan_logs.htm 3.0.1505 purge_now.htm 3.0.1505 logs_on_disk.htm 3.0.1505 log_directory.htm 3.0.1505 exclusion_scheduled.htm 3.0.1505 exclusion_real.htm 3.0.1505 exclusion_manual.htm 3.0.1505 localization.js 3.0.1505 script1.js 3.0.1505 script_splx.js 3.0.1505 Manual.htm 3.0.1505 TMBIF 3.0.1505 SPLX.MIB 3.0.1505 Agent.ini.template 3.0.1505 Product.ini.template 3.0.1505 help 3.0.1505 CryptoJS 3.0.1505 AuPatch 2.85.1180 libpatch.so 2.85.1180 libtmactupdate.so 2.85.1180 cert5.db n/a x500.db n/a SPLX_CM_UI.zip n/a For both 32-bit ServerProtect: cgiCmdNotify 5.0.0.2188 libProductLibrary.so 5.0.0.2188 libEn_Utility.so.1.0.0 5.0.0.2188 libSSO_PKIHelper.so.1.0.0 5.0.0.2188 libTrendAprWrapper.so.1.0.0 5.0.0.2188 libapr-1.so.0.1.1 5.0.0.2188 libcrypto.so.1.0.0 5.0.0.2188 libcurl.so.4.0.0 5.0.0.2188 libssl.so.1.0.0 5.0.0.2188 For 64-bit ServerProtect: cgiCmdNotify 5.0.0.2179 libProductLibrary.so 5.0.0.2179 libEn_Utility.so.1.0.0 5.0.0.2179 libSSO_PKIHelper.so.1.0.0 5.0.0.2179 libTrendAprWrapper.so.1.0.0 5.0.0.2179 libapr-1.so.0.1.1 5.0.0.2179 libcrypto.so.1.0.0 5.0.0.2179 libcurl.so.4.0.0 5.0.0.2179 libssl.so.1.0.0 5.0.0.2179 10. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our website. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years of experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2016, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Smart Protection Network, ServerProtect, and Control Manager are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide