Trend Micro Confidential - For Internal Use Only Trend Micro Inc., 2004-2017. All Rights Reserved. April, 2017 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) Mobile Security for Enterprise Version 9.7 Patch 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) Mobile Security for Enterprise 9.7 Patch 2 uses the latest security technologies to defend against threats to mobile devices. Integrated filters can also block unwanted telephone calls and text messages. Mobile Security also provides Web Security that can help protect you from online fraud like phishing and pharming by blocking access to risky sites on the Web. The logon password protection helps protect your mobile device from an unauthorized access. This version of Mobile Security offers the following features: - Supports multiple platforms, including iOS, Android, and Windows Phone - Scheduled or manual component updates ensure up-to-date pattern, security policies, and program versions - Logon authentication prevent unauthorized access to mobile device - Uninstallation protection using a preset password - Award-winning anti-malware scanning technology for mobile malware threats - Web Security ensures safe Internet browsing - SMS filtering blocks unwanted text messages - Call filtering blocks calls from unwanted and anonymous callers - Comprehensive logs track scan results, security threats found, text messages and calls filtered, and other events - Enables the administrator to: - provision Wi-Fi settings and control various features on mobile devices - enforce password authentication and configure password complexity - allow or block the installation of certain applications on mobile devices - create a list of apps for the users to install on mobile devices through Enterprise Applications - lock, locate, or wipe the data off the mobile device remotely - authenticate a batch of mobile devices using their IMEI numbers and/or Wi-Fi MAC addresses. Contents ===================================================================== 1. Product Version Information 2. System Requirements and Compatibility List 3. Installation 4. What's New 5. Known Issues 6. About Trend Micro 7. Contact Information ===================================================================== 1. Product Version Information ======================================================================== Server Build: 9.7.0.1379 Android Client Build: 9.7.0.1205 iOS Client Build: 2.0.0.1465 2. System Requirements and Compatibility List ======================================================================== Trend Micro Mobile Security for Enterprise 9.7 Patch 2 requires the following hardware and software specifications on the computers where it is installed: 2.1 Mobile Security Management Server: ===================================================================== Hardware ~~~~~~~~ - 1GHz Intel(TM) Pentium(TM) processor or equivalent - At least 1-GB of RAM - At least 400-MB of available disk space Platform ~~~~~~~~ - Microsoft Windows 2008 Server Family - Microsoft Windows 2008 R2 Server Family - Microsoft Windows 2012 Server Family - Microsoft Windows 2012 R2 Server Family Recommended Platform ~~~~~~~~ - Windows Server 2008 R2 Enterprise Edition - Windows Server 2008 Enterprise Edition SP1 - Windows Server 2008 Standard Edition - Windows Web Server 2008 Edition SP1 2.2 Mobile Security Communication Server ===================================================================== Hardware ~~~~~~~~ - 1GHz Intel(TM) Pentium(TM) processor or equivalent - At least 1GB of RAM - At least 40MB of available disk space Platform ~~~~~~~~ - Microsoft Windows 2008 Server Family - Microsoft Windows 2008 R2 Server Family - Microsoft Windows 2012 Server Family - Microsoft Windows 2012 R2 Server Family Recommended Platform ~~~~~~~~~~~~~~~~~~~~ - Windows Server 2008 R2 Enterprise Edition - Windows Server 2008 Enterprise Edition SP1 - Windows Server 2008 Standard Edition - Windows Web Server 2008 Edition SP1 2.3 Mobile Security Exchange Connnector ===================================================================== Platform ~~~~~~~~ - Windows Server 2008 R2 (64-bit) - Windows Server 2012 (64-bit) - Windows Server 2012 R2 (64-bit) Hardware ~~~~~~~~ - 1-GHz Intel(TM) Pentium(TM) processor or equivalent - At least 1GB of RAM - At least 200MB of available disk space 2.4 SQL Server ===================================================================== - Microsoft SQL Server 2008/2008 R2/2012/2014/2008 Express/ 2008 R2 Express/2012 Express/2014 Express 2.5 iOS Mobile Device ===================================================================== Operating system ~~~~~~~~~~~~~~~~ - iOS 6.x - iOS 7.x - iOS 8.x - iOS 9.X - iOS 10.X Storage space ~~~~~~~~~~~~~ 3MB minimum 2.6 Android Mobile Device ===================================================================== Operating system ~~~~~~~~~~~~~~~~ - Android 2.3 Gingerbread - Android 3.0 Honeycomb - Android 4.0 Ice Cream Sandwich - Android 4.1 Jelly Bean - Android 4.2 Jelly Bean - Android 4.3 Jelly Bean - Android 4.4 KitKat - Android 5.0 Lollipop - Android 5.1 Lollipop - Android 6.0 Marshmallow - Android 7.0 Nougat Storage space ~~~~~~~~~~~~~ 8MB minimum 2.7 Windows Phone Mobile Device ===================================================================== Operating system ~~~~~~~~~~~~~~~~ - Windows Phone 8.0 - Windows Phone 8.1 - Windows Phone 10 3. Installation Overview ======================================================================== Note: Trend Micro cannot guarantee compatibility between Mobile Security and file system encryption software. Software products that offer similar features, such as anti-malware scanning, SMS management, and firewall protection, may also be incompatible with Mobile Security. You may be prompted to uninstall these software products before you can install Mobile Security on your mobile device. ------------------------------------------------------------------------ This section explains the key steps for installing this product. For detailed installation steps, refer to the Installation and Deployment Guide. Mobile Security for Enterprise consists of five components: Mobile Security Management Server, Mobile Security Communication Server, Exchange Connector, and Mobile Device Agents (the Mobile Security clients). Depending on your network topology and needs, you may install the necessary components. Mobile Security Management Server --------------------------------------------------------------------- Mobile Security Management Server allows you to control Mobile Device Agents from the administration Web console. Once mobile devices are enrolled with the server, you can configure Mobile Device Agent policies and perform updates. Mobile Security Communication Server --------------------------------------------------------------------- Mobile Security Communication Server handles communications between the Mobile Security Management Server and Mobile Device Agents. Mobile Device Agents can connect to the public IP address of the Communication Server. Mobile Security for Enterprise supports two types of Communication Servers: Local Communication Server (which is installed in the local network) and the Cloud Communication Server (which is installed in the cloud and maintained by Trend Micro. Trend Micro Exchange Connector --------------------------------------------------------------------- You can install Exchange Connector if you want to manage Windows Phone, Android or iOS mobile devices that use Microsoft Exchange ActiveSync service. Mobile Device Agent (Mobile Security Client) --------------------------------------------------------------------- Install the Mobile Device Agent (the Mobile Security client program) on supported platforms using one of the following methods: - Email notification - Memory card - Manual installation 4. What's New ======================================================================== The following new features are available in Mobile Security for Enterprise v9.7 patch1: - Integration with MobileIron Core On-premise Solution: Provides security scan for Android and iOS mobile devices while integrating with MobileIron Core On-premise solution. - Supports iOS Activation Lock: Activation Lock is a feature of Find My iPhone that is built into mobile devices with iOS 7 and later. It prevents reactivation of lost or stolen mobile device by requiring the user's Apple ID and password before anyone can turn off Find My iPhone, erase, or reactivate and use the mobile device. 5. Known Issues ======================================================================== Note: Trend Micro cannot guarantee compatibility between Mobile Security and file system encryption software. Software products that offer similar features, such as anti-malware scanning, SMS management, and firewall protection, may also be incompatible with Mobile Security. You may be prompted to uninstall these software products before you can install Mobile Security on your mobile device. The following are the known issues for the server in this release: 5.1 The status of mobile device that is displayed in the Mobile Security server is not "Inactive", even after: - the Android Mobile Device Agent is uninstalled. - the iOS "MDM Enrollment Profile" is removed from the mobile device. --------------------------------------------------------------------- This can happen if the Android Mobile Device Agent is uninstalled or the iOS "MDM Enrollment Profile" is removed from the mobile device when it was not connected to the network. As a result, the Mobile Security server keeps displaying the mobile device in the Device list even after the Mobile Security client is uninstalled on the mobile device. However, the mobile device status changes to "Out of Sync". 5.2 The Exchange ActiveSync provisioning policy does not contain user name and email address information. --------------------------------------------------------------------- This happens if the user name or email address is not configured for the iOS mobile device. To resolve this issue, configure the Active Directory from "Administrator" > "Active Directory Settings", and then add the user from the Active Directory again. 5.3 Mobile Security is unable to read the phone number from Android mobile devices. --------------------------------------------------------------------- Mobile Security requires the default Android API to read the phone number from the mobile device. If the mobile device does not use the default Android API, Mobile Security is unable to read the phone number. This can also happen if the phone number is not stored on the operator's database instead of the SIM card. 5.4 Users are unable to upgrade from the non-customized application package to a customized application package. --------------------------------------------------------------------- Since the customized and non-customized application packages use different certificates for authentication, the non-customized application package cannot be upgraded to the customized one, or vice versa. To resolve this issue, manually remove Mobile Security from the mobile phone and then install the customized application package. 5.5 Sometimes the Android or iOS mobile device agents do not receive the policy update and/or remote lock/wipe/locate instruction from the server. --------------------------------------------------------------------- If the network connection between the client and the server is not stable, this known issue may occur. 5.6 Sometimes an Android mobile device using Exchange ActiveSync does not display the correct status in Exchange ActiveSync Devices tab in Mobile Security. --------------------------------------------------------------------- This happens if the Mobile Security Management Server is unable to get the correct mobile device identity from the Exchange Server. 5.7 The Mobile Device Agents are sometimes unable to connect to the Cloud Communication Server (CCS). --------------------------------------------------------------------- The Mobile Device Agents connect with the Cloud Communication Server through the Internet. This known issue may occur if the connection between the mobile device and the Cloud Communication Server is not stable. 5.8 Internet Explorer crashes while using Trend Micro Mobile Security administration Web console. --------------------------------------------------------------------- If the Mobile Security administration Web console is not closed on Internet Explorer for some time (depending on the memory size), memory leak occurs and causes Internet Explorer to crash. For details, refer to the following link: http://support.microsoft.com/kb/982094/en-us 5.9 Mobile Security displays the Exchange Connector status as Connected, even when the Exchange Connector is uninstalled from the computer. Moreover, Mobile Security is unable to reinstall the Exchange Connector because the setup program is unable to connect to the Mobile Security server. --------------------------------------------------------------------- This happens when the Exchange Connector is uninstalled while it is disconnected from the Mobile Security Management Server. The Management Server is unable to receive the uninstallation notification from the Exchange Connector, and therefore displays the wrong status. If the Mobile Security displays the Exchange Connector status as Connected, it will not connect to another Exchange Connector. To resolve this known issue, perform the following steps: 1. Log on to the Mobile Security administration Web console. 2. Using the same Web browser, open the following URL: https://:/mdm/cgi/web_service.dll? tmms_action=mdm_register_new_connector 3. Replace and with the actual Mobile Security Management Server host name/IP address and port number. 4. Press Enter. The following message should appear. { "error_code" : 1, "message" : "Success", "timestamp" : xxxxxxxxxx } Where, xxxxxxxxxx displays the current timestamp. After performing the above steps, Mobile Security will reset the Exchange Server Integration settings, and you should be able to install the Exchange Connector. 5.10 Unable to access some external Web services when Trend Micro Mobile Security is deployed in pure IPv6 environment. --------------------------------------------------------------------- This happens when the external Web services do not support IPv6. 5.11 Unable to access SMTP server or Active Directory when Management Server connects these servers using IPv6. --------------------------------------------------------------------- The Management Server is unable to access the SMTP Server or Active Directory when using IPv6. 5.12 Sometimes, iOS Mobile Device Agents are unable to enrol with the Mobile Security server. --------------------------------------------------------------------- This happens when the SCEP server uses IPv6 numeric address to enrol iOS mobile devices. To resolve this known issue, configure SCEP using the domain name on Mobile Security Web console. 5.13 Mobile Security is unable to remove Microsoft Exchange email account on some mobile devices. --------------------------------------------------------------------- This known issue occurs when performing selective wipe on mobile devices running Android 5.0 or later because of limitations on the operating system. 5.14 Mobile Security is unable to run a cloud scan and perform policy updates on Android devices that are on battery save mode. --------------------------------------------------------------------- This known issue affects devices running on Android 5.0 or later. When the device is on battery save mode, the network connection is disabled and Mobile Security is unable to run a cloud scan or perform policy updates. 5.15 Mobile Security is unable to acquire the Wi-Fi MAC addresses or IMEI of mobile devices running Android 7.0 or later. --------------------------------------------------------------------- This known issue occurs because of limitations on the operating system. As a result, Mobile Security does not display the IMEI or Wi-Fi MAC addresses of affected devices on Mobile Security web console. 5.16 Devices running Android 7.0 or later do not show the correct Encryption status when the devices use Pattern mode as screen lock type --------------------------------------------------------------------- This known issue occurs because of limitations on the operating system of Android 7.0. 5.17 Mobile Security is unable to reset the password of mobile devices running Android 7.0 or later. --------------------------------------------------------------------- This known issue occurs because of limitations on the operating system of Android 7.0. The following are the known issues for iOS devices in this release: 5.18 Uninstalling the iOS Mobile Device Agent does not change the status on the Management Server to "Inactive". --------------------------------------------------------------------- The Mobile Security Management Server does not change iOS mobile device status to "Inactive" until the "MDM Enrollment Profile" is removed from the mobile device. 5.19 Uninstalling the iOS MDM Enrollment Profile does not change the status on Mobile Device Agent to "Inactive". --------------------------------------------------------------------- This can happen if the iOS "MDM Enrollment Profile" is removed from the mobile device when it is not connected to the network. As a result, the Mobile Device Agent keeps displaying the old status. To resolve this issue, delete the iOS mobile device record on the Mobile Security Management Server or reinstall the iOS Mobile Device Agent on the mobile device. 5.20 The iOS mobile device does not receive APNs notification if the mobile device uses a proxy to access server. --------------------------------------------------------------------- Mobile devices are unable to connect to APNs using a proxy server. The following are the known issues for Android devices in this release: 5.21 Incoming calls rejected within three (3) seconds are recorded as annoying calls. --------------------------------------------------------------------- Trend Micro Mobile Security is currently unable to differentiate incoming calls rejected by the user within three (3) seconds from callers who hang up within three (3) seconds of making a call. Therefore, these calls are recorded as annoying calls. 5.22 If the JavaScript is disabled on the Android device web browser, a blocked page can be accessed by pressing the back button. --------------------------------------------------------------------- Trend Micro Mobile Security requires JavaScript to detect and block an inappropriate web page. Enable JavaScript on your default Web browser for complete protection while surfing Internet. 5.23 Remote lock does not take effect immediately. --------------------------------------------------------------------- On some mobile devices, the "Security lock timer" setting may be used to lock the mobile device after a specified period of inactivity. If the "Security lock timer" is enabled on a mobile device, remote lock only takes effect after the specified inactivity period has elapsed. Otherwise, the remote lock immediately locks the mobile device. 5.24 User can stop Mobile Security services from the list of running applications on Android mobile devices. --------------------------------------------------------------------- This is a known issue on Android mobile devices. However, even if the Mobile Security service is stopped, Real-time scan and uninstall protection still function as normal. 5.25 Mobile Security is unable to block the Iframe tags in HTML Web pages or the URLs saved in the WebView Android SDK Component. --------------------------------------------------------------------- Mobile Security currently requires the Android default browser to function properly, and is unable to block the Iframe tags in HTML Web pages or the URLs that are saved on a third-party application. 5.26 On HTC mobile devices, performing the selective wipe does not delete the Exchange account information on the device. --------------------------------------------------------------------- The email client on HTC mobile devices is modified by the manufacturer. Therefore, Mobile Security is currently unable to delete the account information on HTC mobile devices. 5.27 The LG P-500, KDDI au IS04, or Xiaomi mobile devices ring and/or vibrate even if the Call Blocking feature is enabled. --------------------------------------------------------------------- This known issue allows LG P-500, KDDI au IS04, or Xiaomi mobile devices to ring and/or vibrate once even if the Call Blocking feature is enabled. However, the incoming call will still be recorded on the Blocked Call History as blocked. 5.28 On KDDI IS11CA mobile devices, Trend Micro Mobile Security does not filter text messages even if the Text Blocking feature is enabled. --------------------------------------------------------------------- Trend Micro Mobile Security requires the default Android text messaging application to function properly. If the mobile device manufacturer has modified the text messaging application, this known issue may occur on such mobile devices. 5.29 The battery consumption on Softbank 003SH and KDDI IS11CA mobile devices is very high. --------------------------------------------------------------------- This happens when the administrator has disabled the camera on a Softbank 003SH or KDDI IS11CA mobile device. When the camera is disabled, the firmware of the mobile device continuously checks the temperature of the mobile device, resulting in excessive battery consumption. 5.30 Unable to get the location information of some mobile devices remotely from the Mobile Security Management Server. --------------------------------------------------------------------- Mobile Security requires the default Android Application Programming Interface (API) for location detection to function properly. This happens if the API for location detection is modified by the mobile device manufacturer. This is a known issue for the following mobile devices: - Motorola MB526 - HTC Explorer A310e - Motorola MB525+ - Samsung i9100 (Galaxy SII) - Amazon Kindle Fire 5.31 The SD card lock feature does not work on Android 4.2 or later versions. --------------------------------------------------------------------- Andriod 4.2 or later versions change the protection level for unmounting SD cards which prevents any third-party application from unmounting SD cards. 5.32 Unable to block text messages on Android 4.4 or later. --------------------------------------------------------------------- Android 4.4 or later limits any third-party application from modifying the text messages on mobile devices. 5.33 Unable to disable 3G connection on Android 5.0. --------------------------------------------------------------------- Mobile Security is unable to disable the 3G connection on devices running on Android 5.0 or later.. 5.34 The mobile device receives two messages from the administrator and sometimes the messages seem incomplete and out of order. --------------------------------------------------------------------- This known issue occurs when the administrator sends several messages while the mobile device is not connected to the Mobile Security server. Whenever the mobile devices connects to the server, the mobile device receives only the last two messages sent by the administrator and in the reverse order. 5.35 The tethering lock does not work on some mobile devices. --------------------------------------------------------------------- When the administrator disables tethering in the Feature Lock Policy, Mobile Security only disables this feature on mobile devices running Android 4.0, and does not disable this feature on mobile devices running other Android versions. 6. About Trend Micro ======================================================================== Trend Micro, Inc. provides virus protection, anti-spam, and content- filtering security products and services. Trend Micro allows companies worldwide to stop viruses and other malicious code from a central point before they can reach the desktop. Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 7. Contact Information ======================================================================== You can contact Trend Micro via fax, phone, and email. Or visit us at http://www.trendmicro.com.