~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Readme for Trend Micro (TM) Deep Security Virtual Appliance 9.5 Platforms: ESXi 5.5, 5.1, 5.0 Agentless(Windows) Anti-Malware, Firewall, Intrusion Prevention, Integrity Monitoring, Web Reputation Support: Windows XP SP2 and newer (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit), Windows Server 2003 SP2 (32-bit, 64-bit), Windows Server 2003 R2 (32-bit, 64-bit), Windows Server 2008 (32-bit, 64-bit), Windows Server 2008 R2 (64-bit), Windows 8 (32-bit, 64-bit), Windows 8.1 (32-bit, 64-bit), Windows Server 2012 (64-bit), Windows Server 2012 R2 (64-bit) Agentless(Linux) Firewall, Intrusion Prevention, Web Reputation Support: Red Hat Enterprise 5 (32-bit and 64-bit), Red Hat Enterprise 6 (32-bit and 64-bit), CentOS 5 (32-bit and 64-bit), CentOS 6 (32-bit and 64-bit), Oracle Linux 5 (32-bit and 64-bit) - RedHat kernel, Oracle Linux 6 (32-bit and 64-bit) - RedHat kernel, Oracle Linux 5 (64-bit) - Unbreakable Kernel Oracle Linux 6 (64-bit) - Unbreakable Kernel SuSE 10 SP3, SP4 (32-bit and 64-bit), SuSE 11 SP1, SP2, SP3 (32-bit and 64-bit), Ubuntu 10.04 LTS (64-bit), Ubuntu 12.04 LTS (64-bit), Ubuntu 14.04 LTS (64-bit), Cloud Linux 5 (32-bit and 64-bit), Cloud Linux 6 (32-bit and 64-bit) Date: Aug. 18, 2014 Release: 9.5 Build Version: 9.5.2-2022 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This product is subject to the terms detailed in the license agreement and copied to the install directory. For more information about the Trend Micro suite of Deep Security products, visit our website at: http://us.trendmicro.com/us/solutions/enterprise/security-solutions/ virtualization/deep-security/ Download the latest version of this readme from the "Software" page at the Trend Micro Download Center website: http://downloadcenter.trendmicro.com/ Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome. Contents =================================================================== 1. About Deep Security 9.5 1.1 Overview of This Release 1.2 Who Should Install This Release 1.3 Upgrade Notice 2. What's New 2.1 New in Deep Security 9.5 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 6. Known Incompatibilities 7. Known Issues in Deep Security Virtual Appliance 9.5 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement 13. Third Party Software =================================================================== 1. About Deep Security 9.5 ======================================================================== 1.1 Overview of This Release ===================================================================== Deep Security 9.5 contains a number of bug fixes as well as new feature enhancements. For a complete list of the major changes in Deep Security 9.5 from previously released versions of Deep Security, please see the "What's New in Deep Security 9.5" section of the online help or the Administrator's Guide, available for download from the Trend Micro Download Center. 1.2 Who Should Install This Release ===================================================================== You should install the Deep Security Virtual Appliance 9.5 if you are currently running Deep Security Virtual Appliance 7.5, 8.0, or 9.0. Note: When upgrading to Deep Security Virtual Appliance 9.5 you need to be running Deep Security Filter Driver 9.5. 1.3 Upgrade Notice ===================================================================== If you are currently using Deep Security 7.5 with Deep Security Virtual Appliance, you should upgrade your Deep Security Virtual Appliance and Filter Driver to version 8.0 Service Pack 2 or the latest 8.0 version. Deep Security Manager 9.5 does not support Deep Security Virtual Appliance 7.5 or any older version. Also be sure to read the VMware documentation for upgrading your VMware environment including the KB article on the VMware website: Unmanaged vShield Endpoint 1.0 components remain after upgrading vShield Manager from version 4.1 to 5.0 (http://kb.vmware.com/kb/2011482). 2. What's New ======================================================================== 2.1 New in Deep Security 9.5 ===================================================================== vSphere 5.5 Support - Security for Software-Defined Data Center NSX - Support for mixed-model deployments (NSX and non-NSX) Improvements to Security and Software Update Management - Improved visibility into Update status - Improved accessibility to Software Updates 2.2 Resolved Known Issues ===================================================================== - This release includes all resolved issues that were resolved in Deep Security 9.0 SP1 Patch 3 except those explicitly listed in the section "Known Issues in Deep Security Virtual Appliance 9.5" below. 3. Documentation Set ======================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Deep Security 9.5 Installation Guides (IG) -- Provides product overview, deployment plan, installation steps and basic information intended to help you smoothly deploy Deep Security. o Deep Security 9.5 Administrator's Guide (AG) -- Provides post-installation instructions on how to configure the settings to help you get Deep Security "up and running". Also includes instructions on performing other administrative tasks for the day-to-day maintenance of Deep Security. (All the content of the Administrator's Guide can be found in the Deep Security Manager's online help.) o Readme.txt files -- version enhancements, known issues, and release history. There is one readme for each installable Deep Security component: Manager, Agent, Virtual Appliance, and ESX Filter Driver. Electronic versions of the manuals are available from the Trend Micro Download Center at: http://downloadcenter.trendmicro.com/ o Online help -- Context-sensitive help screens that provide guidance for performing a task. (The online contains all the information contained in the Administrator's Guide.) o TrendEdge is a program for Trend Micro employees, partners, and other interested parties that provides information on unsupported, innovative techniques, tools, and best practices for Trend Micro products. The TrendEdge database contains numerous documents covering a wide range of topics. http://trendedge.trendmicro.com o Knowledge Base -- a searchable database of known issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ======================================================================== For a complete list of the System requirements, please refer to the Deep Security 9.5 Installation Guide. 5. Installation/Uninstallation ======================================================================== - See the "Deep Security Virtual Appliance 9.5 Installation Guide" document available for download from the Trend Micro Download Center. - Version 9.5 of Deep Security Virtual Appliance requires the 9.5 or above version of the Deep Security Filter Driver ONLY in non-NSX environment. - When a Deep Security Virtual Appliance is deployed in a VMware environment that makes use of the VMware Distributed Resource Scheduler (DRS), it is important that Deep Security Virtual Appliance does not get vMotioned. Deep Security Virtual Appliance must be "pinned" to its particular ESXi host. You must actively change the DRS settings for all Deep Security Virtual Appliances to "Manual" or "Disabled" (recommended) so that these will not be vMotioned by the DRS. If a Deep Security Virtual Appliance (or any virtual machine) is set to "Disabled", the vCenter Server does not migrate that virtual machine or provide migration recommendations for it. This is known as "pinning" the virtual machine to its registered host and is the recommended course of action for Deep Security Virtual Appliances in a DRS environment. An alternative is to deploy Deep Security Virtual Appliance onto a local store as opposed to a shared store. When Deep Security Virtual Appliance is deployed onto a local store it cannot be vMotioned by DRS. For further information on DRS and pinning virtual machines to a specific ESXi, please consult your VMware documentation. 6. Known Incompatibilities ======================================================================== There are no known incompatibilities for this release. 7. Known Issues in Deep Security Virtual Appliance 9.5 ======================================================================== - Anti-Malware, Web Reputation, Integrity Monitoring, and Log Inspection should not be enabled on the policy that is assigned to the Deep Securit Virtual Appliance itself. These features are not supported when applied to the Deep Security Virtual Appliance and may produce error events. [21250] - The NSX (network visualization components on vShpere hosts), VMware endpoint and Trend Micro Deep Security service cannot install and deploy successfully when a new host is added to the same cluster. As a workaround, join the new host to the dvSwitch before adding it to the cluster. [22211] - After Deep Security Virtual Appliance deployment, creating Trend Micro Service in VMware vSphere may produce the error "Cannot complete the operation". This happens when Deep Security Virtual Appliance has just started and some services are not yet running. As a workaround, try the operation again at a later time. - VMWare NSX may not automatically apply the VMWare NSX Security Policy to new VMs, cloned VMs or VMs that are moved to a protected port group. If you notice that the Deep Security Virtual Appliance is not providing protection under the pre-mentioned conditions go into VSphere Web Client edit the Service Composer->Security Group-> Trend VM Security Group, make no changes but simply hit finished. This will trigger NSX to reapply the VMWare NSX Security Policy to the proper VMs. [24039] - In NSX Environment, assigning IPv6 address to the Deep Security Virtual Appliance using IPv6 pool is not supported. [21695] - In NSX Environment, Layer 2 packets are not passed to the Deep Security Virtual Appliance and are therefore bypassed (e.g. ARP). [23471] - TLS version 1.1 and 1.2 is not supported in SSL Inspection of Intrusion Prevention feature. [18091] - In NSX environment, Deep Security Virtual Appliance should be uninstalled prior to moving the ESXi host to a different cluster. [23192/23193] - It can take up to 30 minutes before the appliance is ready for deployment through NSX Manager after importing the Deep Security Virtual Appliance package to the DSM. Deploying the appliance before the package is in place at \temp would result in failure. [23150] - In NSX environment, when deploying the Deep Security Virtual Appliance, the error "Unable to access agent OVF package file at https:/appliance/NSX/system.vmdk may sometimes appear indicating that the user cancelled the task. Retry the installation when this happens. [23305] - When using Firewall and IPS Rule Schedules, the rule will take effect on DSVA's timezone which is configured as UTC in 9.5. [23660] - In NSX environment, when several agentless protected guest virtual machines are vMotioned simultaneously, some VMs will be reactivated after vMotion. [23500] - NSX manager shows the status of "Trend Micro Deep Security" installation status as failed on existing cluster when the deployment URL has been changed. When this happens, do not click the "Resolve" button because it will try to upgrade the existing master appliance which will result to the appliance being redeployed. As a result, the VMs that are activated will no longer be activated. Recommendation is to host the appliance dsva.ovf on an external web server, and don't change the URL of the appliance after it has been deployed. [23994] - When preparing ESXi 5.5 to deploy the filter driver, the error "Failed to download VIB" might appear. This happens when the Deep Security Manager has Deep Security Agent installed and Intrusion Prevention is enabled. TLS version 1.2 is being used and is not supported in SSL Inspection of Intrusion Prevention feature. As a workaround, disable Intrusion Prevention on the Agent installed on the Deep Security Manager or create a bypass rule between the Deep Security Manager and the ESXi host. [22681] - If Deep Security Virtual Appliance does not have enough disk space for an upgrade, it does not clear up disk space or warn users before running the upgrade. As a result, the upgrade fails and triggers error messages from vCenter and Deep Security Manager. - In some cases, if you deploy Deep Security Virtual Appliance and you select to use a static IP address, the default DNS domain will be set incorrectly. To resolve this, log on to the Deep Security Virtual Appliance console command line and run "vi /etc/resolv.conf". Ensure the values for search and nameserver are correct for your environment. [Deep Security 8.0 Tier 2-00184] - SYN Flood protection is only supported on versions 7.5 or older Windows Agent versions and on versions 7.5 or older Virtual Appliance versions. It is not supported on versions 7.5 Service Pack 1 or higher Windows Agent versions or versions 7.5 Service Pack 1 or higher Virtual Appliance versions. It is not supported on any version of the Linux or Solaris Agents. - On some Windows platforms, when downloading malware using Microsoft Internet Explorer(TM), the download process windows closes upon detection. The file will still be detected and cleaned even though no error or warning was given. [00619] - The quarantine action may fail if the maximum quarantine size is set too high. The default size is 32 MB. It is recommended not to set the limit higher than 200 MB. - If your ESXi or Deep Security Virtual Appliance are in a different domain than your Deep Security Manager, they may have problems connecting to Deep Security Manager. Renaming your Deep Security Manager to use the fully qualified name fixes this, for example, "manager.hq.local". For information on how to rename your Deep Security Manager hostname, refer to the documentation. - For any images you have on your ESXi machine, ensure you have the latest VMware Tools installed. - Deep Security Virtual Appliance cannot perform Log Inspection which means users cannot assign Log Inspection Rules to machines without an in-guest Deep Security Agent. 8. Release History ======================================================================== DSVA 9.5.2-2022 August 15, 2014 9. Files Included in This Release ======================================================================== This release is a complete installation. Use one of the following files: Appliance-ESX-9.5.2-2022.x86_64.zip 10. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our Web site. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/us/about-us/index.html The Trend Micro "About Trend Micro" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services. Copyright 2014, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Deep Security and "deep security solutions" are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ 13. Third Party Software ======================================================================== Deep Security employs the use of 3rd party binary distributions. The binary distributions are subject to the licenses available in the following directory: /opt/ds_agent/licenses Where 3rd party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request. ======================================================================== (C) 2014 Trend Micro Inc. All rights reserved. Published in Canada.