<> TXOne Networks, Inc. January 10, 2023 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TXOne StellarOne for StellarProtect/StellarProtect (Legacy Mode) 2.1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTE: This readme file was current as of the date above. Support for TXOne Networks products is mutually provided by TXOne Networks and Trend Micro. All technical support goes through TXOne Networks and Trend Micro engineers. All customers are advised to check the following website for documentation updates: https://success.trendmicro.com/ TXOne Networks always seeks to improve its documentation. If you have questions, comments, or suggestions about this or any TXOne Networks documents, please contact us at docs@txone-networks.com. Your feedback is always welcome. Please evaluate this documentation on the following site: https://docs.trendmicro.com/en-us/survey.aspx ==================================================================== Contents ==================================================================== 1. About TXOne Stellar 2. What's New 3. Documentation Set 4. System Requirements 5. Installation 6. Known Issues 7. Release History 8. Contact Information 9. About TXOne Networks 10. License Agreement ==================================================================== 1. About TXOne Stellar ==================================================================== TXOne Stellar is a first-of-its-kind OT endpoint protection platform, which includes: StellarOne, the centralized management console designed to streamline administration of both StellarProtect for modernized systems and StellarProtect (Legacy Model) for legacy systems. StellarProtect, the unified agent with industrial-grade next-generation antivirus and application lockdown endpoint security deployment for modernized OT/ICS endpoints. StellarProtect (Legacy Model), for trust-list based application lockdown of legacy and fixed-use OT/ICS endpoints with on-demand AV scan and real-time malware scan. Together, the StellarProtect and StellarProtect (Legacy Mode) consist of an agent program that resides on endpoints and the StellarOne web-based console as a server program that manages agents. The StellarOne console administrates StellarProtect's and StellarProtect (Legacy Mode)'s agent deployment, status, and events. For example, administrators can remotely manage devices with global or group policies, configure StellarOne configurations and manage events and logs. The StellarProtect agent provides an ICS-compatible, high performance, and zero touch endpoint protection solution. The StellarProtect agent includes the following new features and benefits: - Application Lockdown: prevents malware attacks and increases protection level by allowing only the files defined in an Approved List to be executed - Industrial-Grade Next-Generation Antivirus: Secures OT assets with no interruption to operations with ICS root of trust and advanced threat scan - Operations Behavior Anomaly Detection: Detects abnormal operations and enforces least privilege-based control to prevent malware-free attacks - OT Application Safeguard: Intelligently locates and secures the integrity of the OT/ICS process from OT/ICS targeted attacks - Device Control: Prevents insider threats by only allowing usage of USB ports on a case-by-case administrator-reviewed basis The StellarProtect (Legacy Mode) agent provides a simple, no-maintenance solution to lock down and protect fixed-function computers like Industrial Control Systems (ICS), Point of Sale (POS) terminals,and kiosk terminals from malicious software and unauthorized use, helping protect businesses against security threats and increase productivity. By using fewer resources and without the need for regular software or system updates, StellarProtect (Legacy Mode) can reliably secure computers in industrial and commercial environments, and StellarProtect can reliably secure modernized computers in industrial and commercial environments, both with little performance impact or downtime. With StellarOne, administrators can remotely deploy the agent configurations, set initial agent Approved Lists, and change agent Application Lockdown states. In addition, StellarOne can be used to schedule StellarProtect's scanning operations. Moreover, the administrator can view the block event logs from the StellarProtect/StellarProtect (Legacy Mode) agents and determine what actions to be taken on these blocked files. This reduces the time and effort required to verify the threat, and facilitates a quick response to the incidents. ==================================================================== 2. What's New ==================================================================== The TXOne StellarOne web console now includes the following new features and benefits: TXOne StellarOne 2.1.1127: - TXOne StellarOne is available from Amazon's AWS BYOL and can be deployed from AMI on an AWS EC2 instance. - TXOne StellarOne can be integrated to Trend Micro's Vision One and allows Vision One users to search for StellarOne's detection logs. - A single installer package for the Agent, StellarProtect and StellarProtect (Legacy Mode), is available for download from StellarOne. After being invoked, the single installer can identify the version of Windows installed on the endpoint and launch the suitable installer for the endpoint to install. - Supports license key and license file for product activation - Adds the new policy setting, Anti-Malware Scanning for StellarProtect (Legacy Mode), allowing StellarOne administrator to remotely enable agents to persistently scan new and changed files, along with system memory. - Adds the new policy setting, Agent Component Update Schedule for StellarProtect (Legacy Mode), enabling StellarOne administrator to remotely schedule for component update on agents. ==================================================================== 3. Documentation Set ==================================================================== To download or view electronic versions of the documentation for this product, please visit https://docs.trendmicro.com. - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying TXOne StellarOne. - Administrator's Guide (AG): Provides post-installation instructions on how to configure the settings to help you use TXOne StellarOne's management features. Also includes instructions on performing other administrative tasks for the configuration and monitor of StellarProtect or StellarProtect (Legacy Mode) agents. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to success.trendmicro.com ==================================================================== 4. System Requirements ==================================================================== StellarOne is packaged in an Open Virtual Appliance (OVA) format or Virtual Hard Disk v2 (VHDX) format. Different package files respectively apply to different hypervisors. ==================================================================== 4.1 Supported Hypervisor ==================================================================== a. OVA file format: - VMWare ESXi 6.5 or above - VMware Workstation 16 Pro or above b. VHDX file format: - Windows Server 2019, Hyper-V Manager Windows 10 or above ==================================================================== 4.2 Supported Browser ==================================================================== - Google Chrome 87 or above - Microsoft Edge 79 or above - Mozilla Firefox 78 or above Note: Minimum supported resolution is 1366*768. ==================================================================== 5. Installation ==================================================================== Please see the Installation Guide. Note: StellarOne 2.0 does not support using .acf patch file for firmware upgrade via StellarOne web console. It requires importing the .ova or .vhdx file to the new instance and mounting the 2nd external disk from the previous StellarOne instance for upgrade. Note: The Active Update server link has been changed to http://ttau.cs.txone.com. Please ensure that you whitelist this URL in your firewall. ==================================================================== 5.1 Prescan ==================================================================== The prescan function can scan the whole device to add all present OT/ICS applications to the Approved List before StellarProtect is activated. - Before the prescan, please empty the recycle bin. - The prescan process may take 30 minutes to 5 hours, depending on how many apps are installed on the device. - It is strongly recommended NOT to skip the prescan. If the prescan is skipped, it may cause later delays in the operation of OT/ICS applications. ==================================================================== 6. Known Issues ==================================================================== Known issues in this release are listed below, in 6.1 - 6.3: ================================================================== 6.1 StellarProtect (Legacy Mode) ================================================================== a. Upon the completion of StellarOne server scanning, the consumed memory will not be released. b. Be sure to manually trigger the "Update Approved List" action if the Approved List is not created upon installation. c. To upgrade agents on Windows XP SP3 platform to version 1.2+, please upgrade the agents to 1.1.1014 first. d. StellarProtect (Legacy Mode) installed on Windows 2000 SP4 or Windows XP SP1 does not support "quarantine" scan action; however, the agent event logs shown on StellarOne (event ID: 8011) would still allow users to select "quarantine" scan action. [TMSL-2687] ================================================================== 6.2 StellarProtect ================================================================== There is no known issue for StellarProtect in this release. ================================================================== 6.3 StellarOne ================================================================== a. StellarOne 2.0 does not support using .acf patch file for firmware upgrade via StellarOne web console. It requires importing the .ova or .vhdx file to the new instance and mounting the 2nd external disk from the previous StellarOne instance for upgrade. b. StellarOne 2.0 does not support switching language setting to Japanese. ==================================================================== 7. Release History ==================================================================== For more information about updates to this product, go to: https://www.trendmicro.com/download TXOne StellarOne 2.1.1127 - January 10, 2023 ==================================================================== 8. Contact Information ==================================================================== A license to TXOne Networks software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase. After the first year, you must renew the license on an annual basis at TXOne's then-current maintenance fees. Contact TXOne Networks via fax, phone, and email, or visit our website to download evaluation copies of TXOne products. https://www.txone.com/contact/ NOTE: This information is subject to change without notice. ==================================================================== 9. About TXOne Networks ==================================================================== TXOne Networks Inc. offers cybersecurity solutions to protect industrial control systems (ICS), ensuring reliability and safety from cyberattacks. ==================================================================== 10. License Agreement ==================================================================== View information about your license agreement with TXOne Networks at: www.trendmicro.com/us/about-us/legal-policies/license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Installation and Administrator's Guide