<> Trend Micro Incorporated February 15th, 2022 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) Deep Discovery Inspector 5.1 - GM English - Linux - 64 Bits Critical Patch - Build 1266 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents ================================================================ 1. Critical Patch Release Information 1.1 Resolved Known Issues 1.2 Enhancements 1.3 Files Included in This Release 2. Documentation Set 3. System Requirements 4. Installation 4.1 Installing 4.2 Uninstalling 5. Post-installation Configuration 6. Known Issues 7. Release History 8. Contact Information 9. About Trend Micro 10. License Agreement ================================================================ 1. Critical Patch Release Information ======================================================================== 1.1 Resolved Known Issues ==================================================================== There are no issues for this Critical Patch release. 1.2 Enhancements ==================================================================== The following enhancements are included in this Critical Patch: Enhancement 1: This Hotfix enables Deep Discovery Inspector to support the Entrust certificate for the Active Update module to ensure that it can perform component updates after May 9, 2022. 1.3 Files Included in This Release ==================================================================== There are no files included in this Critical Patch release. 2. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product. To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product. - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product. - Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. - To access the Support Portal, go to http://success.trendmicro.com 3. System Requirements ======================================================================== 1. Deep Discovery Inspector 5.1 GM Build 1191 - English - Linux - x64 4. Installation ======================================================================== This section explains key steps for installing the Critical Patch. 4.1 Installing ==================================================================== To install: 1. Open the Deep Discovery Inspector web console. 2. Go to the "Administration > Updates > Product Updates > Hot Fixes / Patches" page. 3. Click "Browse" and select the "ddi_5.10_lx_en_criticalpatch1266_b1266.tar.gz.tar" file from the folder where you extracted the hotfix files. 4. Click the "Install" link. 5. Click "Continue" after the upload process has finished. 6. Clear the browser cache. 4.2 Uninstalling ==================================================================== To roll back to the previous build: 1. Open the Deep Discovery Inspector web console. 2. Go to the "Administration > Updates > Product Updates > Hot Fixes / Patches" page. 3. Click the "Roll Back" link. 4. Click "OK" when a confirmation message appears. 5. Post-installation Configuration ======================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 6. Known Issues ======================================================================== There are no known issues for this Critical Patch release. 7. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download Prior Hotfixes ==================================================================== Only this Critical Patch was tested for this release. Prior hotfixes were tested at the time of their release. [Hotfix 1263] Issue 1: The "ASR0001 The Watchdog timer reset the system." message appears on the appliance LCD Panel after Deep Discovery Inspector restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue. [Hotfix 1262] Issue 1: Sometimes, Deep Discovery Inspector stops scanning network traffic because the Network Content Inspection Engine (NCIE) attempts to access an invalid memory address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix updates NCIE to prevent this issue. [Hotfix 1258] Enhancement 1: This hotfix updates the Web Reputation Service Category ID and Name in the Deep Discovery Inspector database to the latest versions. [Hotfix 1257] Issue 1: When users deploy the Registered Service settings through the Policy Management page of the Trend Micro Control Manager(TM) web console, some required configuration settings are not deployed and cause the Deep Discovery Director configuration replication to fail. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue. [Hotfix 1254] Issue 1: Users cannot restore the "Detection Exceptions" list in the "Administration > Monitoring/Scanning > Detection Exceptions" page using the "Administration > System Maintenance > Backup/Restore" feature. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that the "Backup/Restore" feature can restore the "Detection Exceptions" list. [Hotfix 1253] Issue 1: Sometimes, Deep Discovery Inspector cannot send detection logs to Trend Micro Control Manager(TM) because Control Manager does not support the date format in some log fields. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue by changing the date format in the log fields to "YYYY-MM-DD hh:mm:ss". [Hotfix 1252] Issue 1: Sometimes, a default setting in the Virtual Analyzer module causes Virtual Analyzer to slow down. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue by updating the Virtual Analyzer module to reconfigure the default setting. Issue 2: When the system proxy setting is enabled and the proxy authentication setting is disabled, Deep Discovery Inspector stops submitting samples to Virtual Analyzer after a period of time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix resolves this issue. [Hotfix 1249] Issue 1: Users cannot Single Sign-On to the Deep Discovery Inspector web console from Trend Micro Control Manager(TM) when Port Binding is enabled and the Management Port IP and Control Manager IP are on different network segments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that users can SSO to the Deep Discovery Inspector console from Control Manager under the scenario described above. [Hotfix 1248] Issue 1: Users encounter a timeout error after clicking the "Test" button on the "Network Services Diagnostics" page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue by extending the timeout value on the page. [Hotfix 1244] Issue 1: The suspicious object list cannot be synced from Trend Micro Control Manager(TM) when Port Binding is enabled and the Management Port IP and Control Manager IP are on different network segments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that the suspicious object list can be synced from Control Manager under the scenario described above. [Hotfix 1243] Issue 1: Sometimes, Deep Discovery Inspector sends an incorrectly-formatted IP address suspicious object to Trend Micro TippingPoint Security Management System (SMS) which prevents TippingPoint SMS from receiving it. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves the issue by ensuring that IP addresses suspicious objects are sent to TippingPoint SMS in the correct format. [Hotfix 1242] Issue 1: Sometimes, Deep Discovery Inspector cannot detect Rule 1537 events after users add new registered services from the following pages: * "Registered Services" option from the drop-down menu of Host related columns in the "Detections > All Detections" page * "Administration > Network Groups and Assets > Registered Services > Analyze" page ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that Deep Discovery Inspector can detect Rule 1537 events on these pages normally. [Hotfix 1239] Issue 1: Sometimes, the Deep Discovery Inspector web console cannot open the details page of a detection log generated by Web Reputation Service (WRS). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue so users can view WRS detection log details normally. [Hotfix 1232] Issue 1: After Deep Discovery Inspector registers to Trend Micro Control Manager(TM), "Abnormal:Service status is unknown" appears under the "Connection Status" column when you view the product status on the "Logs > Log Query > Virus/Malware detections > Managed Product > Product Status" page of the Control Manager console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that the correct connection status appears on the page. [Hotfix 1230] Issue 1: The "Executive Report > Threat Statistics > Threat Incident Summary" reports display inaccurate information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue so "Threat Incident Summary" reports display complete and accurate information. [Hotfix 1229] Issue 1: An issue in Deep Discovery Inspector prevents users from viewing reports in the "Administration > Suspicious Objects > Virtual Analyzer Objects > Handling Process > Analysis" page of the Trend Micro Control Manager(TM) console in Microsoft Internet Explorer(TM). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves the issue. Issue 2: An issue in Deep Discovery Inspector causes the "At Risk Endpoints/Recipients" field in the "Administration > Suspicious Objects > Virtual Analyzer Objects" page of the Control Manager web console to display "Not yet assessed / 0" for all objects with SHA1 format. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix resolves the issue to ensure that the correct information appears on the page. [Hotfix 1228] Enhancement 1: This hotfix improves the readability of the "Administration > Updates > Product Updates > Service Packs / Version Upgrade" page. [Hotfix 1227] Enhancement 1: This hotfix enables the "Administration > Network Groups and Assets > Registered Services" page of the Deep Discovery Inspector console to support the IP range filter. [Hotfix 1224] Issue 1: After users apply Hotfix 1211 or any later Hotfix build, the Virtual Analyzer setup page displays an error message when users click the "Test Internet Connectivity" button. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue. Issue 2: An issue prevents Deep Discovery Inspector from importing Microsoft(TM) Windows(TM) 10 Redstone 3 to Virtual Analyzer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix resolves the issue. Issue 3: Deep Discovery Inspector email notifications do not follow RFC 5322 which requires the use of CRLF as a new line delimiter in the email body. As a result, email messages received in Microsoft Office(TM) 365 will not display the email body. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix ensures that Deep Discovery Inspector email notifications use CRLF as a new line delimiter in the email body to comply with RFC 5322. [Hotfix 1215] Issue 1: In the "Administration > Integrated Products/Services > Inline Products/Services > Check Point Open Platform for Security (OPSEC)" page, users cannot switch the connection type from "Clear connection" to "Secured connection" when the "Object Distribution Status" is "Enabled". Users will be able to test the connection successfully but will not be able to save the configuration and will encounter the following error message: "Unable to connect to the server. Please click here to reload page." ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that users can successfully change the connection type. Issue 2: After the Check Point Open Platform for Security (OPSEC) integration is successfully configured, the following message pops up every 10 minutes even when there are no Suspicious Objects to be sent out. "Unable to distribute suspicious objects to Check Point OPSEC. Verify that the Check Point OPSEC settings are correct and that no network problem exists." ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix resolves this issue. [Hotfix 1212] Issue 1: Sometimes, a database deadlock issue causes the "Threat Details" page to display as a blank page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix prevents the database deadlock issue. [Hotfix 1211] Issue 1: In "Detections > Affected Hosts > Advanced search", if users select "Network Group", specify network groups that exceed 1024 characters long, and click "search", no search results are displayed. Users will then encounter the following error message after saving this advanced search criteria: "Unable to save the new settings. An unknown error has occurred. Try again later. If the issue persists, contact your support provider". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves the issue by extending the limitation to 4096 characters. Enhancement 1: This hotfix upgrades the Virtual Analyzer module. [Hotfix 1209] Issue 1: Sometimes, the "Threat at a Glance" widget remains in loading status for a long time because Deep Discovery Inspector takes more than 30 seconds to retrieve the information and eventually times out. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue by changing the timeout value from 30 seconds to one hour. [Hotfix 1208] Issue 1: Sometimes, Deep Discovery Inspector restarts unexpectedly because the Virtual Analyzer module stops responding. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue. Issue 2: The Trend Micro Threat Encyclopedia URL in Deep Discovery Inspector Reports is expiring in October 2018. * http://threatinfo.trendmicro.com/ * http://about-threats.trendmicro.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix updates the Trend Micro Threat Encyclopedia URL in Deep Discovery Inspector Reports to: https://www.trendmicro.com/vinfo/us/threat-encyclope dia/ [Hotfix 1199] Issue 1: The Deep Discovery Inspector web console may respond slowly when users access the "Administration > Integrated Products/Services > Deep Discovery Director > Network Analytics" tab. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue so that users can access the "Network Analytics" tab without issues. [Hotfix 1198] Enhancement 1: This hotfix adds the following hidden page in the Deep Discovery Inspector web console to display the number of logs that are waiting to be sent to the syslog servers. https:///html/syslog_progress.html Enhancement 2: This hotfix upgrades the Virtual Analyzer module to enable it to support Microsoft(TM) Office(TM) 365. [Hotfix 1196] Issue 1: Unregistering from Trend Micro Control Manager(TM) automatically purges the Deny List and Allow List from Control Manager even when Deep Discovery Inspector is already registered to Deep Discovery Director. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix enables Deep Discovery Inspector to keep the Deny List and Allow List from Control Manager after it unregisters if Deep Discovery Inspector is already registered to Deep Discovery Director. Issue 2: Deep Discovery Inspector does not send the filename information with the SMB protocol to Deep Discovery Director - Network Analytics when the file is corrupted. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix enables Deep Discovery Inspector to send the filename information in the SMB protocol even when the file is corrupted. Issue 3: Users cannot view the Virtual Analyzer status after enabling it using the "Analyzer as a Service" option if Deep Discovery Inspector cannot connect to Deep Discovery Analyzer as a service. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix enables Deep Discovery Inspector to display an error message on the web console under the scenario described above. Enhancement 1: This hotfix upgrades the Virtual Analyzer module to enable it to support URL files (.url). 8. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. https://www.trendmicro.com/en_us/contact.html NOTE: This information is subject to change without notice. 9. About Trend Micro ======================================================================== Smart, simple, security that fits. As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2022, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners. 10. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: https://www.trendmicro.com/en_us/about/legal.html Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide