Trend Micro Incorporated                              October 25th, 2021
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) Deep Discovery Analyzer 6.5 - Patch 1
English - Linux - 64 Bits
Critical Patch - Build 1222
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents
================================================================
1.  Critical Patch Release Information
    1.1 Resolved Known Issues
    1.2 Enhancements
    1.3 Files Included in This Release
2.  Documentation Set
3.  System Requirements
4.  Installation
    4.1 Installing
    4.2 Uninstalling
5.  Post-installation Configuration
6.  Known Issues
7.  Release History
8.  Contact Information
9.  About Trend Micro
10. License Agreement
================================================================


1. Critical Patch Release Information
========================================================================

   1.1 Resolved Known Issues
   ====================================================================
   This Critical Patch resolves the following issue(s):

   Issue 1:    An issue related to an update package checking
               mechanism prevents users from applying future hotfixes
               and firmware successfully.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This Critical Patch updates the Hotfix and Migration
               module to resolve the issue.

   1.2 Enhancements
   ====================================================================
   There are no enhancements for this Critical Patch release.

   1.3 Files Included in This Release
   ====================================================================
   There are no files included in this Critical Patch release.


2. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

- Online Help: The Online Help contains an overview of features and key
  concepts, and information on configuring and maintaining the product.
  To access the Online Help, go to http://docs.trendmicro.com

- Installation Guide (IG): The Installation Guide contains information
  on requirements and procedures for installing and deploying the
  product.

- Administrator's Guide (AG): The Administrator's Guide contains an
  overview of features and key concepts, and information on configuring
  and maintaining the product.

- Getting Started Guide (GSG): The Getting Started Guide contains
  product overview, installation planning, installation and
  configuration instructions, and basic information intended to get the
  product 'up and running'.

- Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues.

  To access the Support Portal, go to http://success.trendmicro.com


3. System Requirements
========================================================================
1. Deep Discovery Analyzer 6.5 Patch 1 Build 1183 - English - Linux -
   x64


4. Installation
========================================================================
This section explains key steps for installing the Critical Patch.

   4.1 Installing
   ====================================================================
   To install:

   1. Copy the "ddan_65_lx_en_criticalpatch_b1222.7z.zip.tar" file to a
      local folder.
   2. Open the Deep Discovery Analyzer web console.
   3. Go to the "Administration > Updates > Hot Fixes/Patches" page.
   4. Click "Browse" and select the
      "ddan_65_lx_en_criticalpatch_b1222.7z.zip.tar" file.
   5. Click the "Install" button.

   The computer restarts automatically after the hotfix is installed
   successfully.

   4.2 Uninstalling
   ====================================================================
   This hotfix cannot be rolled back.


5. Post-installation Configuration
========================================================================
No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and virus
      pattern files immediately after installing the product.


6. Known Issues
========================================================================
Known issues in this release:

#1 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   When a secondary appliance is configured as the new primary
   appliance of a cluster and it does not use the IP address of the
   previous primary appliance, the following occurs:

   1. If the previous primary appliance was registered on a Trend Micro
      Control Manager server, the new primary appliance is not
      registered.
   2. Any products integrated with the previous primary appliance are
      not integrated with the new primary appliance. The products
      cannot submit samples and they are not able to get the suspicious
      objects list.
   3. The secondary appliances of the cluster are not registered in the
      new primary appliance.

#2 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   The cloud sandbox setting is automatically disabled when the license
   expires and it is not automatically enabled when the license is
   renewed.

#3 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   After the primary appliance of a cluster becomes inoperable and a
   secondary appliance from the cluster is configured to be the new
   primary appliance, the following occurs:

   1. All samples that were being analyzed when the primary appliance
      becomes inoperable do not have an analysis result.
   2. Any configuration changes made on the primary appliance within
      one day of it becoming inoperable may not synchronize with the
      secondary appliances in the cluster.

#4 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   If the system time is modified during sample processing, the
   "Submissions" screen may display negative values for processing time
   and queued time.

#5 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   Control Manager is unable to receive suspicious object information
   if Deep Discovery Analyzer is reinstalled and configured using the
   same IP address.

   Register the appliance again on the Control Manager console.

#6 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   High availability does not function if the direct connection between
   active primary and passive primary appliances (via eth3) is
   interrupted.

#7 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   If the passive primary appliance is detached from the active primary
   appliance and both remain powered on, the appliances send duplicate
   data to other servers (such as syslog and backup servers).

   Reinstall the Deep Discovery Analyzer software on the detached
   appliance to use it as a standalone appliance.

#8 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   Deep Discovery Analyzer may send duplicate email notifications if
   the system time is set backward.

#9 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   The following issues occur once after the system time is modified:

   * If the system time is set backward, Deep Discovery Analyzer may
     not automatically generate operational reports in one schedule
     period. Generate reports manually when necessary.
   * If the system time is set forward, Deep Discovery Analyzer
     generates duplicate operational reports.

#10 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   Deep Discovery Analyzer is unable to back up and restore YARA rule
   information.

   Restore configuration settings and then import YARA rule files on
   the management console ("Virtual Analyzer > Sandbox Management >
   YARA Rules").

#11 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   If an offline passive primary appliance is removed from the cluster
   and then used as a standalone appliance, it will have the same UUID
   as another existing appliance.

   Reinstall the Deep Discovery Analyzer software to use the removed
   appliance as a standalone appliance.

#12 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   The Dashboard screen has the following limitations:

   * Widgets may not appear in the correct order after the tab layout
     is changed. Reposition the widgets manually if necessary.
   * Some widgets do not support the auto-fit function.

#13 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   Deep Discovery Analyzer may delete an image if the appliance is
   restarted while Virtual Analyzer is configuring the instances of
   that image.

#14 Known issue: [Reported at: DDAN 5.5.0 GM B1191]
   Virtual Analyzer reports (PDF) may contain incorrect page breaks.

#15 Known issue: [Reported at: DDAN 5.5.1 Service Pack 1 B1135]
   SNMP settings cannot be configured on clustered (passive primary and
   secondary) Deep Discovery Analyzer appliances. These settings are
   automatically synced from the active primary appliance and will
   cause an SNMP server to receive identical device location
   information from all cluster nodes.

#16 Known issue: [Reported at: DDAN 5.5.1 Service Pack 1 B1135]
   No SNMP trap messages are sent for alerts that have been disabled on
   the management console.

#17 Known issue: [Reported at: DDAN 5.5.1 Service Pack 1 B1135]
   When Smart Protection Server is selected as Smart Protection source,
   but the 'Connect to global services using Smart Protection Server'
   option is disabled, the following services and the ability to test
   their connectivity will be disabled:

   * Certified Safe Software Service
   * Community File Reputation
   * Web Inspection Service
   * Smart Feedback

#18 Known issue: [Reported at: DDAN 5.5.1 Service Pack 1 B1135]
   When performing sandbox analysis using a Windows 10 image that
   requires higher system resources, the performance of Deep Discovery
   Analyzer may be affected.

   Trend Micro recommends evaluating the system load capacity on Deep
   Discovery Analyzer before using a Windows 10 sandbox environment for
   analysis.

#19 Known issue: [Reported at: DDAN 5.8.0 GM B1169]
   Using a proxy server configured with multiple accounts where each
   account uses a different authentication method may prevent some Deep
   Discovery Analyzer modules from connecting to that proxy server.


7. Release History
========================================================================
For more information about updates to this product, go to:
http://www.trendmicro.com/download

   Prior Hotfixes
   ====================================================================
   Only this Critical Patch was tested for this release. Prior hotfixes
   were tested at the time of their release.

   [Hotfix 1218]

   Issue 1:    An issue prevents Usandbox from analyzing HTML
               attachments in certain EML samples.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This hotfix upgrades the Usandbox module to version
               5.3.1228 with SandCastle 6.0.4822 to fix this issue.

   [Hotfix 1217]

   Enhancement 1: This hotfix updates some internal modules of Deep
                  Discovery Analyzer.

   [Hotfix 1215]

   Issue 1:    Usandbox cannot analyze Microsoft(TM) Office Excel files
               with a default password that is not in the password
               list.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This hotfix upgrades the Usandbox module to version
               5.3.1223 with SandCastle 6.0.4266 to fix this issue.

   [Hotfix 1214]

   Issue 1:    In request modification mode, the ICAP server in Deep
               Discovery Analyzer may respond with a malformed
               encapsulated HTTP message when the HTTP body is not in
               UTF-8.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This hotfix updates the ICAP module in Deep Discovery
               Analyzer to ensure that the ICAP server responds
               normally in request modification mode.

   Enhancement 1: This hotfix improves the visualization of firmware
                  upgrades on the web management console.

   [Hotfix 1212]

   Issue 1:    An issue prevents the Usandbox module from extracting
               certain ISO image samples for analysis.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This hotfix upgrades the Usandbox module to version
               5.3.1222 with SandCastle 6.0.4264 to fix this issue.

   [Hotfix 1211]

   Issue 1:    Some archive file samples cannot be decompressed and
               analyzed by Usandbox.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This hotfix updates the Usandbox module to version
               5.3.1219 with SandCastle 6.0.3853 to fix this issue.

   [Hotfix 1210]

   Enhancement 1: This hotfix updates the Deep Discovery Director agent
                  program in Deep Discovery Analyzer to version
                  3.5.0.2004.

   Enhancement 2: This hotfix updates some internal modules in Deep
                  Discovery Analyzer.

   [Hotfix 1208]

   Issue 1:    An issue prevents Usandbox from analysing certain RAR
               file samples.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This hotfix updates the Usandbox module to version
               5.3.1216 with SandCastle 6.0.3853 to fix this issue.

   Issue 2:    The sample queue in Deep Discovery Analyzer grows long
               when Usandbox attempts to decompress massive files from
               an archive without the correct password.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: This hotfix updates the Usandbox module to version
               5.3.1216 with SandCastle 6.0.3853 to fix this issue.

   [Hotfix 1205]

   Enhancement 1: This hotfix updates some internal modules of Deep
                  Discovery Analyzer.

   [Hotfix 1203]

   Issue 1:    File samples remain in the queue for a long time when
               there is a large number of URL submissions for
               second-half processing.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This hotfix updates some internal modules and Usandbox
               to version 5.3.1211 with SandCastle 6.0.3430 to resolve
               this issue.

   Issue 2:    Some redirect URLs cannot be analyzed by Usandbox.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: This hotfix updates the Usandbox module to version
               5.3.1211 with SandCastle 6.0.3430 to fix this issue.

   [Hotfix 1198]

   Enhancement 1: This hotfix improves the Active Updates (AU) in Deep
                  Discovery Analyzer.

   [Hotfix 1193]

   Enhancement 1: This hotfix updates some internal modules to enable
                  users to configure the Deep Discovery Director port
                  from the Deep Discovery Analyzer web console.

   Enhancement 2: This hotfix updates some internal modules to prevent
                  an incompatibility issue that can trigger an error
                  when users generate STIX reports from Deep Discovery
                  Analyzer 6.5 and then import this to the third-party
                  tool with Python STIX.

   [Hotfix 1188]

   Issue 1:    When searching for Active Directory (AD) users or groups
               on Deep Discovery Analyzer, the search times out without
               generating any result.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This hotfix upgrades the LDAP module to ensure that
               users can search for AD users or groups normally.

   [Hotfix 1187]

   Issue 1:    Deep Discovery Analyzer returns a server error when it
               receives a URL sample that contains square brackets in
               the domain part from other Trend Micro products.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This hotfix updates some internal modules to fix this
               issue.

   Issue 2:    False alarms may be triggered during a scheduled Active
               Update (AU) components update.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: This hotfix resolves this issue by upgrading some
               internal modules in Deep Discovery Analyzer.

   Issue 3:    The mail notification module of Deep Discovery Analyzer
               may be affected by a memory leak issue.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3: This hotfix resolves this issue by upgrading the mail
               notification module of Deep Discovery Analyzer.

   Issue 4:    File samples may not be processed by Usandbox when there
               is a large number of URL sample submissions.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 4: This hotfix updates some internal modules to resolve
               this issue.

   Enhancement 1: This hotfix extends the maximum number of user
                  defined suspicious objects (UDSO) synced from Deep
                  Discovery Director to 80,000 entries.

   Enhancement 2: This hotfix upgrades the Usandbox module to version
                  5.3.1196 with SandCastle 6.0.3430.


8. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to product
updates, pattern file updates, and basic technical support for one (1)
year from the date of purchase only. After the first year, you must
renew Maintenance on an annual basis at Trend Micro's then-current
Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

https://www.trendmicro.com/en_us/contact.html

NOTE: This information is subject to change without notice.


9. About Trend Micro
========================================================================
Smart, simple, security that fits. As a global leader in IT security,
Trend Micro develops innovative security solutions that make the world
safe for businesses and consumers to exchange digital information.

Copyright 2021, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for
Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex
Central are trademarks of Trend Micro Incorporated and are registered
in some jurisdictions. All other product or company names may be
trademarks or registered trademarks of their owners.


10. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:
https://www.trendmicro.com/en_us/about/legal.html

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide