Trend Micro Incorporated                              October 25th, 2021
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) Deep Discovery Analyzer 6.1 - Patch 1
English - Linux - 64 Bits
Critical Patch - Build 1169
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents
================================================================
1. Critical Patch Release Information
   1.1 Resolved Known Issues
   1.2 Enhancements
   1.3 Files Included in This Release
2. Documentation Set
3. System Requirements
4. Installation
   4.1 Installing
   4.2 Uninstalling
5. Post-installation Configuration
6. Known Issues
7. Release History
8. Contact Information
9. About Trend Micro
10. License Agreement
================================================================

1. Critical Patch Release Information
========================================================================

   1.1 Resolved Known Issues
   ====================================================================
   This Critical Patch resolves the following issue(s):

   Issue 1:     An issue related to an update package checking
                mechanism prevents users from applying future hotfixes
                and firmware successfully.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1:  This Critical Patch updates the Hotfix and Migration
                module to resolve the issue.

   1.2 Enhancements
   ====================================================================
   There are no enhancements for this Critical Patch release.

   1.3 Files Included in This Release
   ====================================================================
   There are no files included in this Critical Patch release.

2. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

- Online Help: The Online Help contains an overview of features and
  key concepts, and information on configuring and maintaining the
  product.
  To access the Online Help, go to http://docs.trendmicro.com

- Installation Guide (IG): The Installation Guide contains information
  on requirements and procedures for installing and deploying the
  product.

- Administrator's Guide (AG): The Administrator's Guide contains an
  overview of features and key concepts, and information on
  configuring and maintaining the product.

- Getting Started Guide (GSG): The Getting Started Guide contains
  product overview, installation planning, installation and
  configuration instructions, and basic information intended to get
  the product 'up and running'.

- Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues.
  To access the Support Portal, go to http://success.trendmicro.com

3. System Requirements
========================================================================
1. Deep Discovery Analyzer 6.1 Patch 1 Build 1163 - English - Linux -
   x64

4. Installation
========================================================================
This section explains key steps for installing the Critical Patch.

   4.1 Installing
   ====================================================================
   To install:

   1. Copy the "ddan_61_lx_en_criticalpatch_b1169.7z.zip.tar" file to
      a local folder.
   2. Open the Deep Discovery Analyzer web console.
   3. Go to the "Administration > Updates > Hot Fixes/Patches" page.
   4. Click "Browse" and select the
      "ddan_61_lx_en_criticalpatch_b1169.7z.zip.tar" file.
   5. Click the "Install" button. The computer restarts automatically
      after the hotfix is installed successfully.

   4.2 Uninstalling
   ====================================================================
   This hotfix cannot be rolled back.

5. Post-installation Configuration
========================================================================
No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and
      virus pattern files immediately after installing the product.

6. Known Issues
========================================================================
Known issues in this release:

#1 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   When a secondary appliance is configured as the new primary
   appliance of a cluster and it does not use the IP address of the
   previous primary appliance, the following occurs:

   1. If the previous primary appliance was registered on a Trend
      Micro Control Manager server, the new primary appliance is not
      registered.
   2. Any products integrated with the previous primary appliance are
      not integrated with the new primary appliance. The products
      cannot submit samples and they are not able to get the
      suspicious objects list.
   3. The secondary appliances of the cluster are not registered in
      the new primary appliance.

#2 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   The cloud sandbox setting is automatically disabled when the
   license expires and it is not automatically enabled when the
   license is renewed.

#3 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   After the primary appliance of a cluster becomes inoperable and a
   secondary appliance from the cluster is configured to be the new
   primary appliance, the following occurs:

   1. All samples that were being analyzed when the primary appliance
      becomes inoperable do not have an analysis result.
   2. Any configuration changes made on the primary appliance within
      one day of it becoming inoperable may not synchronize with the
      secondary appliances in the cluster.

#4 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   If the system time is modified during sample processing, the
   "Submissions" screen may display negative values for processing
   time and queued time.

#5 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   Control Manager is unable to receive suspicious object information
   if Deep Discovery Analyzer is reinstalled and configured using the
   same IP address. Register the appliance again on the Control
   Manager console.

#6 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   High availability does not function if the direct connection
   between active primary and passive primary appliances (via eth3)
   is interrupted.

#7 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   If the passive primary appliance is detached from the active
   primary appliance and both remain powered on, the appliances send
   duplicate data to other servers (such as syslog and backup
   servers). Reinstall the Deep Discovery Analyzer software on the
   detached appliance to use it as a standalone appliance.

#8 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   Deep Discovery Analyzer may send duplicate email notifications if
   the system time is set backward.

#9 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   The following issues occur once after the system time is modified:

   * If the system time is set backward, Deep Discovery Analyzer may
     not automatically generate operational reports in one schedule
     period. Generate reports manually when necessary.
   * If the system time is set forward, Deep Discovery Analyzer
     generates duplicate operational reports.

#10 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
    Deep Discovery Analyzer is unable to back up and restore YARA
    rule information. Restore configuration settings and then import
    YARA rule files on the management console ("Virtual Analyzer >
    Sandbox Management > YARA Rules").

#11 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
    If an offline passive primary appliance is removed from the
    cluster and then used as a standalone appliance, it will have the
    same UUID as another existing appliance. Reinstall the Deep
    Discovery Analyzer software to use the removed appliance as a
    standalone appliance.

#12 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
    The Dashboard screen has the following limitations:

    * Widgets may not appear in the correct order after the tab
      layout is changed. Reposition the widgets manually if
      necessary.
    * Some widgets do not support the auto-fit function.

#13 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
    Deep Discovery Analyzer may delete an image if the appliance is
    restarted while Virtual Analyzer is configuring the instances of
    that image.

#14 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
    Virtual Analyzer reports (PDF) may contain incorrect page breaks.

#15 Known issue: [Reported at: DDAN 5.5.1 Service Pack 1 B1135]
    SNMP settings cannot be configured on clustered (passive primary
    and secondary) Deep Discovery Analyzer appliances. These settings
    are automatically synced from the active primary appliance and
    will cause an SNMP server to receive identical device location
    information from all cluster nodes.

#16 Known issue: [Reported at: DDAN 5.5.1 Service Pack 1 B1135]
    No SNMP trap messages are sent for alerts that have been disabled
    on the management console.

#17 Known issue: [Reported at: DDAN 5.5.1 Service Pack 1 B1135]
    When Smart Protection Server is selected as Smart Protection
    source, but the 'Connect to global services using Smart
    Protection Server' option is disabled, the following services and
    the ability to test their connectivity will be disabled:

    * Certified Safe Software Service
    * Community File Reputation
    * Web Inspection Service
    * Smart Feedback

#18 Known issue: [Reported at: DDAN 5.5.1 Service Pack 1 B1135]
    When performing sandbox analysis using a Windows 10 image that
    requires higher system resources, the performance of Deep
    Discovery Analyzer may be affected. Trend Micro recommends
    evaluating the system load capacity on Deep Discovery Analyzer
    before using a Windows 10 sandbox environment for analysis.

#19 Known issue: [Reported at: DDAN 5.8.0 GM B1169]
    Using a proxy server configured with multiple accounts where each
    account uses a different authentication method may prevent some
    Deep Discovery Analyzer modules from connecting to that proxy
    server.

7. Release History
========================================================================
For more information about updates to this product, go to:
http://www.trendmicro.com/download

   Prior Hotfixes
   ====================================================================
   Only this Critical Patch was tested for this release. Prior
   hotfixes were tested at the time of their release.

   [Hotfix 1166]

   Issue 1:     Usandbox may stop responding while analysing a
                redirected URL that contains Unicode characters.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1:  This hotfix upgrades the Usandbox module to version
                5.2.1208 with SandCastle 6.0.3430 to resolve this
                issue.

   Issue 2:     A sample may be treated as a suspicious object when
                it matches the customized deny list.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2:  This hotfix upgrades the Usandbox module to version
                5.2.1208 with SandCastle 6.0.3430 to resolve this
                issue.

   Issue 3:     Some HTML samples are identified as MIME type and
                cannot be analysed.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3:  This hotfix upgrades the Usandbox module to version
                5.2.1208 with SandCastle 6.0.3430 to resolve this
                issue.

   Enhancement 1:  This hotfix updates some internal modules to
                   support Deep Discovery Web Inspector integration.

8. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year, you
must renew Maintenance on an annual basis at Trend Micro's
then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

https://www.trendmicro.com/en_us/contact.html

NOTE: This information is subject to change without notice.

9. About Trend Micro
========================================================================
Smart, simple, security that fits. As a global leader in IT security,
Trend Micro develops innovative security solutions that make the world
safe for businesses and consumers to exchange digital information.

Copyright 2021, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for
Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex
Central are trademarks of Trend Micro Incorporated and are registered
in some jurisdictions. All other product or company names may be
trademarks or registered trademarks of their owners.

10. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:
https://www.trendmicro.com/en_us/about/legal.html

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide