Trend Micro Incorporated                             February 16th, 2022
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) Deep Discovery Inspector 5.6 - GM
English - Linux - 64 Bits
Critical Patch - Build 1153
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents
================================================================
1. Critical Patch Release Information
   1.1 Resolved Known Issues
   1.2 Enhancements
   1.3 Files Included in This Release
2. Documentation Set
3. System Requirements
4. Installation
   4.1 Installing
   4.2 Uninstalling
5. Post-installation Configuration
6. Known Issues
7. Release History
8. Contact Information
9. About Trend Micro
10. License Agreement
================================================================


1. Critical Patch Release Information
========================================================================

1.1 Resolved Known Issues
====================================================================
There are no issues for this Critical Patch release.

1.2 Enhancements
====================================================================
The following enhancements are included in this Critical Patch:

Enhancement 1: This Hotfix enables Deep Discovery Inspector to support
               the Entrust certificate for the Active Update module to
               ensure that it can perform component updates after
               May 9, 2022.

1.3 Files Included in This Release
====================================================================
There are no files included in this Critical Patch release.


2. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

- Online Help: The Online Help contains an overview of features and key
  concepts, and information on configuring and maintaining the product.
  To access the Online Help, go to http://docs.trendmicro.com

- Installation Guide (IG): The Installation Guide contains information
  on requirements and procedures for installing and deploying the
  product.

- Administrator's Guide (AG): The Administrator's Guide contains an
  overview of features and key concepts, and information on configuring
  and maintaining the product.

- Getting Started Guide (GSG): The Getting Started Guide contains
  product overview, installation planning, installation and
  configuration instructions, and basic information intended to get the
  product 'up and running'.

- Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues.
  To access the Support Portal, go to http://success.trendmicro.com


3. System Requirements
========================================================================
1. Deep Discovery Inspector 5.6 GM Build 1130 - English - Linux - x64


4. Installation
========================================================================
This section explains key steps for installing the Critical Patch.

4.1 Installing
====================================================================
To install:

1. Open the Deep Discovery Inspector web console.
2. Go to the "Administration > Updates > Product Updates >
   Hot Fixes / Patches" page.
3. Click "Browse" and select the
   "ddi_5.60_lx_en_criticalpatch1153_b1153.tar.gz.tar" file from the
   folder where you extracted the hotfix files.
4. Click the "Upload" link.
5. Click "Continue" after the upload process has finished.
6. Clear the browser cache.

4.2 Uninstalling
====================================================================
To roll back to the previous build:

1. Open the Deep Discovery Inspector web console.
2. Go to the "Administration > Updates > Product Updates >
   Hot Fixes / Patches" page.
3. Click the "Roll Back" link.
4. Click "OK" when a confirmation message appears.


5. Post-installation Configuration
========================================================================
No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and virus
      pattern files immediately after installing the product.


6. Known Issues
========================================================================
There are no known issues for this Critical Patch release.


7. Release History
========================================================================
For more information about updates to this product, go to:
http://www.trendmicro.com/download

Prior Hotfixes
====================================================================
Only this Critical Patch was tested for this release. Prior hotfixes
were tested at the time of their release.

[Hotfix 1151]

Issue 1: Sometimes, Virtual Analyzer raises a false alarm on a sample
         file which generates high UDP traffic within a short period of
         time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This Hotfix updates Virtual Analyzer to resolve this issue.

[Hotfix 1148]

Issue 1: An issue triggers Deep Discovery Inspector to generate a large
         number of the following system event logs:
         "Synchronized Apex Central Exceptions list. Contact your
         support provider."
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves the issue.

[Hotfix 1147]

Issue 1: The Component Update module is affected by Arbitrary File
         Upload and Remote Code Execution vulnerabilities.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix updates the Component Update module to resolve
            these vulnerabilities.

[Hotfix 1144]

Enhancement 1: This hotfix adds the "Rule 709 URL String Matching"
               option under the CAV Related settings in the RDQA page.
               This option allows users to match the full URL string
               with parameters against detection rule 709 to prevent
               false alarms.

[Hotfix 1141]

Enhancement 1: This hotfix enables Deep Discovery Inspector to support
               PAN-OS 9 for Palo Alto integration.

[Hotfix 1140]

Issue 1: The "ASR0001 The Watchdog timer reset the system." message
         appears on the appliance LCD Panel after Deep Discovery
         Inspector restarts.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves this issue.

Issue 2: Sometimes, Deep Discovery Inspector stops scanning network
         traffic because the Network Content Inspection Engine (NCIE)
         attempts to access an invalid memory address.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix updates NCIE to prevent this issue.

[Hotfix 1137]

Issue 1: In the "Administration > Virtual Analyzer > File Submissions"
         page, when users click "Add" or "Edit", select the "Advanced"
         option under the "Criteria" section, then click the "Select"
         button to display the "Detection Rules List", Detection Rule
         IDs greater than or equal to 4000 do not appear on the list.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves this issue.

Issue 2: It takes longer to export CSV files from the "Detections >
         All Detections > Export" page on the Deep Discovery Inspector
         5.6 web console than in previous versions.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix resolves this issue to ensure that users can
            export CSV files faster from the Deep Discovery Inspector
            5.6 web console.

[Hotfix 1134]

Issue 1: Sometimes, Deep Discovery Inspector restarts unexpectedly
         because the Network Content Inspection Engine (NCIE) attempts
         to access an invalid memory address.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix updates NCIE to prevent this issue.

[Hotfix 1133]

Issue 1: After Deep Discovery Inspector is upgraded from version 5.1 to
         5.6, Virtual Analyzer stops analysing pkg and dmg file types.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves this issue.

Issue 2: When the "Administration > Integrated Products/Services >
         Threat Investigation Center > Use the system proxy" option is
         enabled and the proxy server is disabled, Deep Discovery
         Inspector cannot send detection logs or heartbeat to the
         server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix resolves this issue.

Issue 3: Inaccurate information is displayed in the "Host Severity
         Report > Detection Overview > Most Critical Attack Phase"
         widget when the "Key Activities" field contains the most
         critical attack phase: "Asset and Data Discovery".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This hotfix resolves this issue.

Issue 4: Users cannot add the Threat Investigation Center Server when
         all of the following conditions are met:
         - the file retrieval setting is enabled,
         - the "Use the system" checkbox is checked,
         - the Proxy settings are disabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: This hotfix resolves this issue.

Enhancement 1: This hotfix improves the error handling mechanism that
               is triggered when the connection between Deep Discovery
               Inspector and Threat Investigation Center closes
               unexpectedly, to ensure that the daemon that is sending
               detection logs to the Threat Investigation Center does
               not restart unexpectedly.


8. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to product
updates, pattern file updates, and basic technical support for one (1)
year from the date of purchase only. After the first year, you must
renew Maintenance on an annual basis at Trend Micro's then-current
Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

https://www.trendmicro.com/en_us/contact.html

NOTE: This information is subject to change without notice.


9. About Trend Micro
========================================================================
Smart, simple, security that fits. As a global leader in IT security,
Trend Micro develops innovative security solutions that make the world
safe for businesses and consumers to exchange digital information.

Copyright 2022, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for
Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex
Central are trademarks of Trend Micro Incorporated and are registered in
some jurisdictions. All other product or company names may be trademarks
or registered trademarks of their owners.


10. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:
https://www.trendmicro.com/en_us/about/legal.html

Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide