Trend Micro Incorporated                              September 5th, 2023
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) InterScan Web Security Virtual Appliance 6.5 - Service Pack 3-Patch2
English - Linux - 64 Bits
Patch - SP3-Patch2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates.

GM release documentation:
http://docs.trendmicro.com

Patch/SP release documentation:
http://www.trendmicro.com/download

TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM

Contents
================================================================
1. Patch Release Information
   1.1. Resolved Known Issues
   1.2. Enhancements
   1.3. Files Included in This Release
2. Documentation Set
3. System Requirements
4. Installation
   4.1. Installing
   4.2. Uninstalling
5. Post-installation Configuration
6. Known Issues
7. Release History
8. Contact Information
9. About Trend Micro
10. License Agreement
================================================================

1. Patch Release Information
========================================================================

1.1. Resolved Known Issues
====================================================================
This release resolves the following issue(s):

Issue 1: The HTTP scanning service may crash when processing specific HTTP traffic by Application Control.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix upgrades ixEngine module to fix this issue.
[Hotfix 3351]
(SEG-182115)

Issue 2: The "System Status" page in the IWSVA console may not show when IWSVA is installed on some hardware platforms.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix resolves this issue.
[Hotfix 3351]
(SEG-183938)

Issue 3: When the IWSVA traffic is heavy and the HTTP Verbose Log is enabled, the IWSVA HTTP daemon may have memory access violations and may consequently crash.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: The hotfix resolves the issue and the IWSVA HTTP daemon will not have memory access violations.
[Hotfix 3349]
(SEG-181462)

Issue 4: When InterScan Web Security Virtual Appliance is in ICAPS mode, an internal issue may cause an infinite nonblocking IO loop or persistent connection issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: This hotfix resolves the issue.
[Hotfix 3349]
(SEG-183678)

Issue 5: In IWSVA 6.5 SP3, full restore under Administration > Config Backup / Restore > Restore Configuration File may take a long time on some VMware platforms, which causes the "Connection refused" error.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: This hotfix adds a key to set the connection timeout period.
[Hotfix 3346]
(SEG-178989)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 5:
1. Log on to IWSVA through SSH.
2. Edit /etc/iscan/intscan.ini and change "tomcat_config_backup_progress_timeout" to a desired timeout period. The unit is milliseconds. The default value is 360000 (6 minutes). You can set a value from 60000 to 1800000 (namely 1 to 30 minutes).
3. Run the following command to restart Tomcat for the change to take effect.
   /etc/iscan/S99IScanHttpd restart

Issue 6: IWSVA 6.5 SP3 uses a version of OpenSSL with the vulnerability CVE-2023-2650.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: This hotfix upgrades the OpenSSL version to protect IWSVA against the vulnerability.
[Hotfix 3346]
(VRTS-9862)

Issue 7: The IWSVA administrator cannot find corresponding system event logs on the CCR receiver when the administrator triggers “Policy & Configuration Replication” on the CCR source.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: This hotfix resolves the issue.
[Hotfix 3342]
(SEG-178693)

Issue 8: After clicking "Save" on the Custom URL Categories page, the existing entry "@domain" is changed to "@.domain" automatically.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: This hotfix resolves the issue.
[Hotfix 3342]
(SEG-178820)

Issue 9: Configuration replication logs are not recorded when configuration replication is completed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: Related logs are recorded when configuration replication is completed.
[Hotfix 3340]
(SEG-174136)

Issue 10: After upgrade to IWSVA 6.5 SP3, the description for scheduled product license update is not recorded in system event logs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: This hotfix recovers the description "Not perform online update license by schedule." in system event logs and changes the level of this log from "Warning" to "Notice".
[Hotfix 3340]
(SEG-173996)

Issue 11: On the "Custom Categories" screen, [Add] buttons should be displayed until 256 custom categories are added, however, the [Add] button at the bottom of the custom category list disappears when more than 64 custom categories are added.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: The [Add] button at the bottom of the custom category list is shown until 256 custom categories are added, as well as the [Add] button at the top of the list.
[Hotfix 3339]
(SEG-173931)

Issue 12: The HTTP scanning service may not reload after the InterScan Web Security Virtual Appliance administrator performs some actions on the web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: This Hotfix resolves the issue.
[Hotfix 3339]
(SEG-171071)
(SEG-185751)

Issue 13: After a system reboot, the host name for InterScan Web Security Virtual Appliance becomes all lower case.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: This Hotfix resolves the issue.
[Hotfix 3339]
(SEG-168538)

Issue 14: The web console of InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP3 uses a version of Apache Tomcat that is vulnerable to CVE-2023-24998.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14: This hotfix updates the Apache Tomcat version to protect IWSVA against the vulnerability.
[Hotfix 3332]
(VRTS-9347)

Enhancement 14: The corporate logo in the console of InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP3 is updated.
[Hotfix 3332]
(SEG-170697)

Issue 15: In InterScan Web Security Virtual Appliance, the HTTPS decryption feature uses OpenSSL that may be vulnerable to CVE-2022-4450.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15: This Hotfix updates the OpenSSL version to protect against the vulnerability.
[Hotfix 3331]
(VRTS-9032)

Issue 16: In InterScan Web Security Virtual Appliance, the HTTPS decryption feature uses OpenSSL that may be vulnerable to CVE-2022-4304.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16: This Hotfix updates the OpenSSL version to protect against the vulnerability.
[Hotfix 3331]
(VRTS-9031)

Issue 17: In InterScan Web Security Virtual Appliance, the HTTPS decryption feature uses OpenSSL that may be vulnerable to CVE-2023-0215.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17: This Hotfix updates the OpenSSL version to protect against the vulnerability.
[Hotfix 3331]
(VRTS-9033)

Issue 18: When InterScan Web Security Virtual Appliance is deployed in Web Cache Coordination Protocol (WCCP) mode, the system may not apply the white list properly on HTTPS traffic.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 18: This Hotfix resolves the issue.
[Hotfix 3331]
(SEG-164177)

Issue 19: When blocking the Executables file type is selected in HTTP scan policies, InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP3 also blocks .zlib files because the .exe and .zlib formats share the same internal file type ID.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 19: This hotfix changes the internal file type ID of .exe files to a different value to prevent IWSVA from blocking .zlib files when HTTP scan policies are configured to block executable files.
[Hotfix 3331]
(SEG-167027)

Issue 20: Some characters in the Ransomware Detections screen (Dashboard > Top Ransomware Detections) do not display properly in the console of InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP3 Patch 1.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 20: This hotfix fixes this issue.
[Hotfix 3331]
(SEG-168533)

Issue 21: When InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP3 Patch 1 works in Forward Proxy mode, if upstream proxy was once enabled, IWSVA keeps checking the status of the upstream proxy server even if the setting has already been disabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 21: This hotfix solves this issue.
[Hotfix 3328]
(SEG-167756)

Issue 22: The CSV file of the exported System Event logs contains garbled text.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 22: This Hotfix resolves the issue.
[Hotfix 3323]
(SEG-167133)

Issue 23: An error may cause the content cache exclusion list import to fail.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 23: This Hotfix resolves the issue.
[Hotfix 3323]
(SEG-164501)

Issue 24: Some URL filtering categories and category groups used in InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP3 Patch 1 are not the latest.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 24: This hotfix updates the URL filtering categories list.
[Hotfix 3322]
(SEG-163917)

Issue 25: Transferring large files using FTP through InterScan Web Security Virtual Appliance (IWSVA) may fail because the "/usr/iwss/bin/cleanfile" program may delete files in the temporary folder that IWSVA uses to store the transferred files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 25: This hotfix fixes this issue so that the "/usr/iwss/bin/cleanfile" program does not delete large temporary files that are already opened by the IWSVA FTP daemon.
[Hotfix 3322]
(SEG-165827)

Issue 26: Logon to the web console of InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP3 times out in some conditions. The root cause is that the Tomcat service still keeps the socket connection of the previous logon session after the session is closed on the client side.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 26: This hotfix updates the Tomcat configuration file so that the Tomcat service can release the socket connection once a logon session is closed on the client side.
[Hotfix 3322]
(SEG-161936)
(SEG-153455)

Issue 27: The Content Cache feature of InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP3 may fail to be enabled because the configuration file does not get proper permission in some conditions.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 27: This hotfix fixes this issue.
[Hotfix 3322]
(SEG-158881)

Issue 28: A certificate error occurs when users visit some websites that require HTTPS decryption through InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP3 in the Web Cache Coordination Protocol (WCCP) mode.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 28: The hotfix fixes this issue.
[Hotfix 3322]
(SEG-160587)

Issue 29: InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP3 is affected by CVE-2022-40674.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 29: This hotfix upgrades the expat library to solve this vulnerability claim.
[Hotfix 3317]
(VRTS-8378)

Issue 30: Apache Tomcat used by InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP3 is affected by CVE-2021-43980.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 30: This hotfix solves this vulnerability claim.
[Hotfix 3317]
(VRTS-8355)

Issue 31: The log agent may have performance issues that cause log query delay or high disk usage when there are many custom categories.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 31: This hotfix fixes this issue.
[Hotfix 3317]
(SEG-158765)

Issue 32: Japanese characters cannot display properly in the exported PDF file if the time range is selected on the log query screen of the InterScan Web Security Virtual Appliance (IWSVA) console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 32: This hotfix fixes this issue.
[Hotfix 3317]
(SEG-153696)

Issue 33: After InterScan Web Security Virtual Appliance (IWSVA) was upgraded to SP3, the Tomcat log rotation does not work, which continues to increase the size and number of log files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 33: This hotfix fixes this issue.
[Hotfix 3317]
(SEG-94565)

Issue 34: InterScan Web Security Virtual Appliance (IWSVA) does not collect the commonlog device group information in CDT and does not include the information in the migration scope.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 34: This hotfix fixes this issue.
[Hotfix 3317]
(SEG-156326)

1.2. Enhancements
====================================================================
The following enhancements are included in this patch:

Enhancement 1: This patch upgrades OpenSSL.
(VRTS-9032)
(VRTS-9031)
(VRTS-9033)

1.3. Files Included in This Release
====================================================================
annotations-api.jar  3353
AUConn.sh  3353
AuthDaemon  3353
banner_iwsav.gif  3353
bootstrap.jar  3353
cache_helper.sh  3353
catalina-ant.jar  3353
catalina-ha.jar  3353
catalina.jar  3353
catalina-ssi.jar  3353
catalina-storeconfig.jar  3353
catalina-tribes.jar  3353
CDT_Config.ini  3353
cleanfile  3353
commons-beanutils.jar  3353
commons-collections-3.2.2.jar  3353
commons-daemon.jar  3353
commons-daemon-native.tar.gz  3353
commons-digester.jar  3353
commons-fileupload.jar  3353
commons-io.jar  3353
commons-logging-1.2.jar  3353
compliance_templates.jsp  3353
config_backup_collapsed.jsp  3353
config_backup_progress.jsp  3353
ecj-4.20.jar  3353
el-api.jar  3353
expat-2.1.0-15.el7_9.x86_64.rpm  3353
hostname.sh  3353
http_config_contentcache_exception.jsp  3353
i18n_log_dynamic.js  3353
isdelvd  3353
IWSSGui.jar  3353
iwss_log_converter.py  3353
IWSSPIScanVsapi.so  3353
IWSSPIUrlFilter.so  3353
iwsva_banner.gif  3353
iwsvanetfun.sh  3353
jasper-el.jar  3353
jasper.jar  3353
jaspic-api.jar  3353
jsp-api.jar  3353
libdaemonbase.so  3353
libdaemon.so  3353
libftp.so  3353
libhttpconn.so  3353
libhttpproxy.so  3353
libHTTPSDecryption.so  3353
libiwsshelper.so  3353
libProductLibrary.so  3353
libtmprotocols.so.2062055  3353
libtmprotodef.so.2062055  3353
libuiauutil.so  3353
login_logo.gif  3353
logrotate  3353
migration.sh  3353
pas_banner.gif  3353
ransomware_dashboard.jsp  3353
rb_java_urlf.txt  3353
rule_file_va6.5sp3_to_va6.5sp3.xml  3353
schedulepr_update  3353
servlet-api.jar  3353
show_network.xml  3353
svcmonitor  3353
tmHWMonitor.sh  3353
tmpstring.js  3353
tomcat-api.jar  3353
tomcat-coyote.jar  3353
tomcat-dbcp.jar  3353
tomcat-i18n-cs.jar  3353
tomcat-i18n-de.jar  3353
tomcat-i18n-es.jar  3353
tomcat-i18n-fr.jar  3353
tomcat-i18n-ja.jar  3353
tomcat-i18n-ko.jar  3353
tomcat-i18n-pt-BR.jar  3353
tomcat-i18n-ru.jar  3353
tomcat-i18n-zh-CN.jar  3353
tomcat-jdbc.jar  3353
tomcat-jni.jar  3353
tomcat-juli.jar  3353
tomcat-native.tar.gz  3353
tomcat-util.jar  3353
tomcat-util-scan.jar  3353
tomcat-websocket.jar  3353
urlfcMapping.ini  3353
urlfcMapping.properties  3353
urlf_custom_category.jsp  3353
websocket-api.jar  3353
wizard_top_TM_logo.jpg  3353

2. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com

- Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product.
  To access the Online Help, go to http://docs.trendmicro.com

- Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product.

- Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product.

- Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'.

- Support Portal: The Support Portal contains information on troubleshooting and resolving known issues.
  To access the Support Portal, go to http://success.trendmicro.com

3. System Requirements
========================================================================
1. InterScan Web Security Virtual Appliance 6.5 SP3-Patch1 Build 3310 - English - Linux - x64

4. Installation
========================================================================
This section explains key steps for installing the Patch.

4.1. Installing
====================================================================
To install:

1. Download the "iwsva_65_sp3_ar64_en_patch2.zip" patch file onto your local hard disk.
2. Log on to the IWSVA admin console GUI.
3. Go to the "Administration > System Updates" page.
4. Click "Browse".
5. Browse your local hard disk for the patch file and click "Open".
6. Click "Upload". Your browser uploads the patch file to IWSVA and IWSVA validates if the file is a legitimate patch.
7. Click "Install".

Note: Applying this patch will interrupt the HTTP and FTP services for several minutes. Plan appropriately for this downtime.

4.2. Uninstalling
====================================================================
To roll back to the previous build:

1. Log on to the IWSVA admin console GUI.
2. Go to the "Administration > System Updates" page.
3. Click "Uninstall" next to "patch". A confirmation page appears.
4. Verify the patch ID and description on the confirmation page.
5. Click "Uninstall".

Note: Removing this patch will interrupt the HTTP and FTP services for several minutes. Plan appropriately for this downtime.

5. Post-installation Configuration
========================================================================
No post-installation steps are required.

Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.

6. Known Issues
========================================================================
Known issues in this release:

#1 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
This happens when IWSVA uses multiple authentication servers, and the Active Directory domain is configured before any other type of server. To fix this known issue, delete the Active Directory domain only, and configure it again.

#2 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
Some applications use HTTPS. Under this scenario, HTTPS decryption for this app URL must be enabled, otherwise, HTTPS-based applications cannot be blocked. For example, Yahoo mail uses HTTPS for Internet Explorer 10, Firefox 23, and Chrome 30.0. To keep granular application control working, an HTTPS decryption policy must be set.
1. Add a customized category in "HTTP > Configuration > Customized Categories". For example, "appcontrol".
   Add the application's connection URLs and URL keywords.
2. Enable HTTPS decryption and select a category to be decrypted. For example, in "HTTPS Decryption > Policies", enable "HTTPS Decryption". Select the URL category for "appcontrol" to be decrypted.

#3 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
If LDAP authentication is enabled in the bridge or WCCP mode, HTTPS requests will not trigger an LDAP query. If there are no HTTP requests to do an LDAP authentication on before the HTTPS is requested to set up the IP-user cache, HTTPS will not be able to do the user-based policy match. It will use "IP" or "Unknown" as the username.

#4 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
Log server mode triggers only log sources sending logs to the log server. For related configurations, log filtering settings, anonymous logging, and HTTPS tunneling settings will not take effect on the log sources as their configurations cannot be automatically synchronized between log servers and log sources. If those features are needed, it is strongly recommended to use replication configuration and make the log server a configuration replication source as well. Use the "Manual Replication," and select "Policy & Configuration Replication" to sync both policies and configurations from the log server to the log sources.

#5 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
HTTPS Decryption Limitation
1. When visiting HTTPS sites by IP address in bridge mode, the HTTPS requests will be tunneled. The workaround is to change the "client_hello_no_host_tunnel=no" key in the "intscan.ini" file.
2. For Windows XP+IE8, HTTPS will not do decryption in bridge mode. The workaround is to change the "client_hello_no_host_tunnel=no" key in the "intscan.ini" file.

#6 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
When Directory Settings are configured, IWSVA synchronizes with the listed LDAP server every 24 hours.
When an LDAP user/group is added to the directory server, the change takes effect when the next synchronization cycle begins. For faster synchronization with the LDAP server, do a Manual Sync with the LDAP server.
* On the "User Identification" page, click the "Sync with LDAP servers" button.

#7 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
Firefox users see a certification exception dialog when attempting to access HTTPS URLs with an IPv6 address in DNS. Workarounds include:
* Use the host name of the IPv6 server.
* Do not use the IP address to access HTTPS-related IPv6 web sites.
* Use IE or Chrome web browsers to access the site.

#8 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
In reverse proxy mode, traffic cannot be forwarded to IPv6 servers with a link-local address. End-users cannot access the web server and will not be protected by IWSVA. The workaround is to use a global IPv6 address for the protected server behind IWSVA.

#9 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
Safari has a more stringent certificate-checking mechanism and does not accept IWSVA Captive Portal's default certificate.
Workaround: Do not use Safari to surf the Internet through IWSVA, or deactivate cookie mode.

#10 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
The "show network interfaces status" command is a function of IWSVA CLISH. It helps an administrator check the current interface status. If the administrator does not type anything in CLISH within 900 seconds, CLISH cannot quit the usual way through the console. The administrator can use the "killall" and "shownic" commands to quit. To stop the current timeout process:
1. Change to another console by pressing ALT+F2.
2. Use the following "killall" command to end the timeout process.
   `killall -9 shownic`

#11 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
This issue occurs when IWSVA 6.0 is connected to a switch at the same time another machine is connected to the same switch.
That machine's MAC IP address will float between its real port and the IWSVA port. This only occurs in the Transparent Bridge mode. To fix this issue, add the MAC address filter option. To do this, access the "/etc/iscan/network.ini" file using the CLISH tool, and run one of the following commands:
* add mac_filter=[mac address which you want to skip]
or
* add mac_filter!=[mac address which you want to scan]
Then, type the command `service network restart` on the console.

#12 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
The Application Control feature only blocks new connections to the protocols specified in a new policy. If you deploy a new policy to block Skype after being logged on to Skype, then Skype is not blocked. However, if you log off Skype and then log on again, the policy works, and Skype is blocked.

#13 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
This is caused by the time quota implementation method. The default quota unit is five minutes. Trend Micro recommends that administrators set the "Time quota" value to a multiple of five. Otherwise, IWSVA ignores the remainder if it is less than five. For example, if the value is set to four minutes, IWSVA interprets that as zero minutes. If the value is set to nine minutes, IWSVA interprets that as five minutes.
The time quota setting depends on the system time. For example, if it is now 10:03 and the time quota = 5, the end user could only have access for two minutes. That happens because the time quota is split into five-minute increments (10:00-10:05, 10:05-10:10, etc.). Every five minutes, a new increment begins.

#14 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
When you install IWSVA on a VMware ESX Virtual Machine, occasionally you might see the following error message:
"Memory for crash kernel (0x0 to 0x0) not within permissible range"
This message is normal and safe to ignore.

#15 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
If the machine cannot find a storage controller, the installer will check if the storage controller exists. If the storage controller does not exist, the installation will fail even if the minimum hardware requirements for memory and disk are met. The workaround is to skip the hardware check. To skip the hardware check:
1. When the "Minimum hardware requirements were not met" message is displayed, click "Next".
2. When the installation menu page appears, press "Tab" to open a command line.
3. Type "nohwfail" and press "Enter" to continue installing IWSVA.

#16 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
For example, the HTTP connection will be reset by IWSVA if a browser keeps posting a large file and ignoring the HTTP 403 block page notification from IWSVA.
In another example, the Google search page does not show any response if the query is blocked by the IWSVA query keyword filter. This happens when the Google search setting "Use Google Instant predictions and results appear while typing" is enabled. This is because the Google page uses AJAX to query data with a private format, not normal HTML. As a result, it ignores the IWSVA 403 block notification page. The block page is displayed correctly after "Google Instant" is disabled.
In these examples, the HTTP Inspection filter is working correctly, content is blocked, but the user may not receive feedback explaining why the content is blocked because the browser cannot display the IWSVA notification.

#17 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
If the time zone is UTC+4:30 or UTC+5:45, which is not at the top of the hour, the data presented on the dashboard or in log query data and the raw log data might not sync with each other, but the logs in the database are correct.

#18 Known issue: [Reported at: IWSVA 6.5.0 GM B1200]
When deployed in the Proxy Chain, the application control daemon cannot get the source IP to match the policy. This is a limitation.

#19 Known issue: [Reported at: IWSVA 6.5.1 Service Pack 1 B1080]
This happens because the web console uses the HTTPS channel by default, and the Web browser is unable to download the PAC file. This known issue occurs if the client Web browser does not import the security certificate from the IWSVA web console, or the security certificate "host name" and "common name" do not match. To work around this issue, do the following:
1. Log on to the IWSVA web console, and navigate to the following location: "Administration > Network Configuration > Web Console".
2. Select Non-SSL mode, and click "Save" to save the settings. The web console redirects to the new URL (http://[iwsva_IP_address]:1812).
3. Update the download location for the PAC file in the web browser. To get the PAC file location, navigate on IWSVA web console to: "Administration > IWSVA Configuration > PAC Files Management".

#20 Known issue: [Reported at: IWSVA 6.5.2 Service Pack 2 B1548]
IWSVA bandwidth control is implemented via Linux's traffic control subsystem, while content cache transfers the upstream traffic via the logical network interface, lo, which is not controlled by traffic control. As such, IWSVA bandwidth control does not control the upstream traffic which, instead, directs through lo. To work around this issue, disable content cache, and configure Apache Traffic Server (ATS) as an upstream proxy for IWSVA.

#21 Known issue: [Reported at: IWSVA 6.5.3 Service Pack 3 B3257]
IWSVA bandwidth control is implemented via Linux's traffic control subsystem, while content cache transfers the upstream traffic via the logical network interface, lo, which is not controlled by traffic control. As such, IWSVA bandwidth control does not control the upstream traffic which, instead, directs through lo. To work around this issue, disable content cache, and configure Apache Traffic Server (ATS) as an upstream proxy for IWSVA.

7. Release History
========================================================================
For more information about updates to this product, go to:
http://www.trendmicro.com/download

Prior Hotfixes
====================================================================
There are no prior hotfixes.

8. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.
https://www.trendmicro.com/en_us/contact.html

NOTE: This information is subject to change without notice.

9. About Trend Micro
========================================================================
Smart, simple, security that fits. As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.

Copyright 2023, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.

10. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:
https://www.trendmicro.com/en_us/about/legal.html

Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide