Trend Micro Incorporated                             February 16th, 2022
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) Deep Discovery Inspector 5.5 - GM
English - Linux - 64 Bits
Critical Patch - Build 1241
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents
================================================================
1. Critical Patch Release Information
   1.1 Resolved Known Issues
   1.2 Enhancements
   1.3 Files Included in This Release
2. Documentation Set
3. System Requirements
4. Installation
   4.1 Installing
   4.2 Uninstalling
5. Post-installation Configuration
6. Known Issues
7. Release History
8. Contact Information
9. About Trend Micro
10. License Agreement
================================================================

1. Critical Patch Release Information
========================================================================

1.1 Resolved Known Issues
====================================================================
There are no issues for this Critical Patch release.

1.2 Enhancements
====================================================================
The following enhancements are included in this Critical Patch:

Enhancement 1: This Hotfix enables Deep Discovery Inspector to support
               the Entrust certificate for the Active Update module to
               ensure that it can perform component updates after
               May 9, 2022.

1.3 Files Included in This Release
====================================================================
There are no files included in this Critical Patch release.

2. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

- Online Help: The Online Help contains an overview of features and key
  concepts, and information on configuring and maintaining the product.
  To access the Online Help, go to http://docs.trendmicro.com

- Installation Guide (IG): The Installation Guide contains information
  on requirements and procedures for installing and deploying the
  product.

- Administrator's Guide (AG): The Administrator's Guide contains an
  overview of features and key concepts, and information on configuring
  and maintaining the product.

- Getting Started Guide (GSG): The Getting Started Guide contains
  product overview, installation planning, installation and
  configuration instructions, and basic information intended to get the
  product 'up and running'.

- Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues.

- To access the Support Portal, go to http://success.trendmicro.com

3. System Requirements
========================================================================
1. Deep Discovery Inspector 5.5 GM Build 1200 - English - Linux - x64

4. Installation
========================================================================
This section explains key steps for installing the Critical Patch.

4.1 Installing
====================================================================
To install:

1. Open the Deep Discovery Inspector web console.
2. Go to the "Administration > Updates > Product Updates >
   Hot Fixes / Patches" page.
3. Click "Browse" and select the
   "ddi_5.50_lx_en_criticalpatch1241_b1241.tar.gz.tar" file from the
   folder where you extracted the Critical Patch files.
4. Click the "Upload" link.
5. Click "Continue" after the upload process has finished.
6. Clear the browser cache.

4.2 Uninstalling
====================================================================
To roll back to the previous build:

1. Open the Deep Discovery Inspector web console.
2. Go to the "Administration > Updates > Product Updates >
   Hot Fixes / Patches" page.
3. Click the "Roll Back" link.
4. Click "OK" when a confirmation message appears.

5. Post-installation Configuration
========================================================================
No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and virus
      pattern files immediately after installing the product.

6. Known Issues
========================================================================
There are no known issues for this Critical Patch release.

7. Release History
========================================================================
For more information about updates to this product, go to:
http://www.trendmicro.com/download

Prior Hotfixes
====================================================================
Only this Critical Patch was tested for this release. Prior hotfixes
were tested at the time of their release.

[Hotfix 1239]

Issue 1: When the "Administration > Monitoring / Scanning > Packet
         Capture" feature is enabled in a network environment with high
         traffic from the same source IP, the feature may slow down and
         may drop data packets. When this happens, the corresponding
         detection log cannot find the related packet capture event.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This Hotfix improves the performance of the Packet Capture
            feature to resolve this issue.

[Hotfix 1234]

Issue 1: An error may occur when users click the "Analyze" button in
         the "Administration > Network Groups and Assets > Registered
         Domains" page.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves this issue.

[Hotfix 1231]

Issue 1: Sometimes, Deep Discovery Inspector stops scanning network
         traffic because the Network Content Inspection Engine (NCIE)
         attempts to access an invalid memory address.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix updates NCIE to prevent this issue.

[Hotfix 1230]

Issue 1: An issue prevents the Web Reputation Services (WRS) module
         from rating URLs that end with an equal sign "=".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves the issue so the WRS module can detect
            and rate these URLs correctly.

[Hotfix 1229]

Issue 1: Users cannot add an Active Directory (AD) group if the group
         name contains any of the following special characters.

         * asterisk "*"
         * open parenthesis "("
         * close parenthesis ")"
         * forward slash "\"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix enables users to add AD group names that
            contain special characters.

[Hotfix 1228]

Issue 1: Sometimes, Deep Discovery Inspector restarts unexpectedly
         because the Network Content Inspection Engine (NCIE) attempts
         to access an invalid memory address.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix updates NCIE to prevent this issue.

[Hotfix 1227]

Issue 1: Deep Discovery Inspector (DDI) does not send heartbeats to
         Threat Investigation Center every 30 minutes.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves this issue.

[Hotfix 1226]

Issue 1: Sometimes, inaccurate information appears on the "Analysis
         Results" widget in the "Dashboard > Virtual Analyzer Status >
         Virtual Analyzer" tab.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix ensures that the widget displays complete and
            accurate information.

[Hotfix 1225]

Issue 1: Users cannot restore the "Detection Exceptions" list in the
         "Administration > Monitoring/Scanning > Detection Exceptions"
         page using the "Administration > System Maintenance >
         Backup/Restore" feature.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix ensures that the "Backup/Restore" feature can
            restore the "Detection Exceptions" list.

[Hotfix 1224]

Issue 1: Sometimes, a default setting in the Virtual Analyzer module
         causes Virtual Analyzer to slow down.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves this issue by updating the Virtual
            Analyzer module to reconfigure the default setting.

Issue 2: When the system proxy setting is enabled and the proxy
         authentication setting is disabled, Deep Discovery Inspector
         stops submitting samples to Virtual Analyzer after a period of
         time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix resolves this issue.

[Hotfix 1223]

Issue 1: When the "Administration > System Settings > SMTP > Connection
         security" setting is set to "SSL/TLS" and the "Administration >
         System Settings > Network > Always use TLS v1.2 or above"
         setting is disabled, Deep Discovery Inspector uses only
         TLS 1.0 to connect to the SMTP server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves this issue by allowing Deep Discovery
            Inspector to connect to the SMTP server using TLS 1.0 or
            any higher version under the scenario described above.

[Hotfix 1221]

Issue 1: After configuring the "Administration > Integrated
         Products/Services > Inline Products/Services > Palo Alto
         Panorama or Firewalls" setting successfully, Deep Discovery
         Inspector will send an empty list to Palo Alto when there is
         no suspicious object to send. This triggers the following
         system error log every 10 minutes:

         "Unable to distribute suspicious objects to Palo Alto
         Firewalls. Verify that the Palo Alto Firewalls settings are
         correct and that no network problem exists."
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves this issue by enabling Deep Discovery
            Inspector to skip sending a blank list when there are no
            suspicious objects to send.

[Hotfix 1220]

Issue 1: Clicking on the "Test Connection" button on the
         "Administration > Integrated Products/Services > Inline
         Products/Services" page may lead to a timeout issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix extends the timeout value for the test
            connection task to prevent the timeout issue.

[Hotfix 1219]

Enhancement 1: This hotfix enables Deep Discovery Inspector 5.5 to send
               TLS traffic JA3 metadata to Deep Discovery Director -
               Network Analytics.

[Hotfix 1217]

Enhancement 1: This hotfix enhances the security for component updates
               through Active Update (AU).

[Hotfix 1216]

Enhancement 1: This hotfix adds a port configuration setting for the
               following integrated products.

               * Deep Discovery Director
               * Deep Discovery Analyzer

[Hotfix 1212]

Enhancement 1: This hotfix enables Deep Discovery Inspector 5.5 to
               support the new Cisco Metadata (ethertype 0x8909)
               protocol.

[Hotfix 1211]

Issue 1: Deep Discovery Inspector is affected by CVE-2019-11477 and
         CVE-2019-11478 TCP SACK PANIC vulnerabilities.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves the TCP SACK PANIC issues by disabling
            the vulnerable component.

[Hotfix 1207]

Issue 1: An error occurs when users click on the "Generate Certificate
         Signing Request" button in the "RDQA > HTTPS Certificate"
         page.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves this issue.

[Hotfix 1206]

Issue 1: In the "Detections > All Detections" page, when users click
         "Details" for Virtual Analyzer related events and click
         "Download > Investigation Package" from the "File Analysis
         Results", Deep Discovery Inspector will output the results in
         "*_stix2.json" files. These files are generated using Python
         STIX 2 library version 1.0.2 but certain third-party tools
         support only version 1.0.3 or any higher version of the Python
         STIX 2 library.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves this issue by updating the Python
            STIX 2 library to version 1.1.2 in Deep Discovery
            Inspector.

[Hotfix 1203]

Issue 1: When users click the "Export" button in the "Administration >
         Network Groups and Assets > Import / Export" page, the
         Registered Domains information is not exported.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves this issue.

Issue 2: In the "Administration > Monitoring / Scanning > Packet
         Capture" page, the word "Default" is missing from the
         "Priority" column.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix resolves this issue.

Issue 3: Users encounter the following error message in the
         "Administration > Virtual Analyzer > Internal Virtual
         Analyzer > Sandbox Management" page, after clicking
         "Images > Import", selecting the source HTTP or FTP server,
         specifying an FTP path, selecting the "Log on anonymously"
         button, and then clicking "Import".

         "There is an error with these credentials. Verify your user
         name and password, then try again."
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This hotfix prevents the error.

8. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to product
updates, pattern file updates, and basic technical support for one (1)
year from the date of purchase only. After the first year, you must
renew Maintenance on an annual basis at Trend Micro's then-current
Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

https://www.trendmicro.com/en_us/contact.html

NOTE: This information is subject to change without notice.

9. About Trend Micro
========================================================================
Smart, simple, security that fits. As a global leader in IT security,
Trend Micro develops innovative security solutions that make the world
safe for businesses and consumers to exchange digital information.

Copyright 2022, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for
Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex
Central are trademarks of Trend Micro Incorporated and are registered
in some jurisdictions. All other product or company names may be
trademarks or registered trademarks of their owners.

10. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:
https://www.trendmicro.com/en_us/about/legal.html

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide