3. Restart "splx" using the following command: /etc/init.d/splx restart Enhancement 5: KHM now supports the following kernels of Red Hat 4/5 and SUSE Linux Enterprise 10: Red Hat Enterprise Linux Server/Desktop 4 (i686 and x86_64) - 2.6.9-89.0.20.ELsmp i686 - 2.6.9-89.0.20.EL i686 - 2.6.9-89.0.20.ELsmp x86_64 - 2.6.9-89.0.20.EL x86_64 Red Hat Enterprise Linux Server/Desktop 5 (i686 and x86_64) - 2.6.18-164.11.1.el5PAE i686 - 2.6.18-164.11.1.el5xen i686 - 2.6.18-164.11.1.el5 i686 - 2.6.18-164.11.1.el5 x86_64 - 2.6.18-164.11.1.el5xen x86_64 SUSE Linux Enterprise 10 (Server or Desktop) (i686 and x86_64) - 2.6.16.60-0.59.1-xen i686 - 2.6.16.60-0.59.1-smp i686 - 2.6.16.60-0.59.1-bigsmp i686 - 2.6.16.60-0.59.1-smp x86_64 - 2.6.16.60-0.59.1-xen x86_64 - 2.6.16.60-0.59.1-default x86_64 8.2.2 Resolved Known Issues ===================================================================== The following known issues are resolved in this release: Issue 1: If the debug log is enabled and users start a manual or scheduled update while an update process is running, the following message appears in the debug log: "Find the previous manual/schedule scan." ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: The log has been changed to: "Find the previous manual/schedule update." Issue 2: When users register ServerProtect for Linux to Control Manager in text mode and the registration fails, the ActiveUpdate server still changes to "TMCM update server". This prompts ServerProtect for Linux to ask the user to unregister from Control Manager first the next time the user attempts to register to Control Manager in text mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This issue has been resolved. Issue 3: When users make changes to the manual scan options, some changes may not take effect when users start a manual scan by clicking "Scan now" from the "Summary" page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This issue has been resolved. 8.3 Patch 3 ===================================================================== 8.3.1 Enhancements ===================================================================== The following enhancements are included in this release: Enhancement 1: KHM Source Code - The KHM source code has been updated. Enhancement 2: Users can now set the maximum size of files for scans. This improves the ServerProtect for Linux performance while scanning a large number of compressed files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To configure the option: 1. Open "tmsplx.xml" file using a text editor. 2. Add the "RealtimeNotScanSize" and "OnDemandNotScanSize" keys under the "Scan" section and set the value to a positive integer in megabytes.

3. Restart the ServerProtect for Linux service. NOTE: The key does not take effect if the value is set to "0". "RealtimeNotScanSize" is for real-time scans; "OnDemandNotScanSize" is for manual and scheduled scans. Enhancement 3: Users can now prevent ServerProtect from deleting the old "TmuDump.txt" ActiveUpdate log and append new ActiveUpdate logs to the existing log file instead. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To enable the option: 1. Open the "tmsplx.xml" file using a text editor. 2. Add the "KeepAULog" option under the "ActiveUpdate" section and set its value to "1".

3. Restart the ServerProtect for Linux service. To control the total size of "TmuDump.txt": 1. Open the "aucfg.ini" file under the "/opt/TrendMicro/SProtectLinux/" folder using a text editor. 2. Add the "log_size" key under the "debug" section of the "aucfg.ini" file and set its value to the size limit in megabytes. For example, to set the size limit of the "TmuDump.txt" file to 1 MB, set: [debug] log_size = 1 3. Save the changes to the "aucfg.ini" file. Enhancement 4: Users can now create a list of approved process names. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 4: To create/edit the list of approved processes: 1. Open the "tmsplx.xml" file using a text editor. 2. Add the "RealtimeExcludeCommand" key under the "Scan" section and specify the approved processes separating multiple commands using a colon (:). For example:

NOTE: The feature can only take effect after you apply KHM version above 3.0.0.0005. This feature supports only the asterisk (*) and question mark (?) as wild card characters and behaves similarly to the real-time scan exclusion list setting. Enhancement 5: KHM now supports the use of the asterisk (*) and question mark (?) as wild card characters in the "Exclude these locations" and "Exclude the specified files" fields of the real-time scan exclusion list. 8.3.2 Resolved Known Issues ===================================================================== The following known issues are resolved in this release: Issue 1: While establishing an SMTP session with the email server to send email notifications from ServerProtect for Linux, ServerProtect for Linux sends a "HELO" command to the email server before the email server's greeting message arrives. As a result, ServerProtect for Linux treats the greeting message as the email server's response to the "HELO" command. This causes an error that prevents ServerProtect for Linux from establishing the SMTP session and sending out the email notification. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 1301] ServerProtect for Linux now sends out email notifications without issues. Issue 2: After applying ServerProtect for Linux 3.0 Service Pack 1 Patch 2, the ServerProtect real-time scan may take an unusually long amount of time to scan compressed files containing a large number of files even when the current real-time scan setting is set to skip most of the files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 1307] An unnecessary delay operation added in Patch 2 has been deleted to resolve the issue. Issue 3: ServerProtect for Linux CDT tools do not collect some important information such as log messages, KHM information and the AU log. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 1310] ServerProtect for Linux CDT tools now collect "/var/log/messages", AU logs, and KHM information. Issue 4: ServerProtect for Linux does not automatically register to Control Manager if Control Manager starts after ServerProtect for Linux. When registration fails, ServerProtect for Linux will not show the registration information that was previously entered on the Web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 1311] An auto-register process has been added in ServerProtect for Linux to resolve this issue. Issue 5: A vulnerability exists in the ServerProtect for Linux 3.0 "splxhttpd" binary file containing OpenSSL 0.9.8i. Remote attackers can exploit this vulnerability and use malformed records in a HTTPS connection with ServerProtect for Linux to cause ServerProtect for Linux to stop unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: The OpenSSL module in "splxhttpd" has been upgraded to resolve this issue. 8.4 Patch 4 ===================================================================== 8.4.1 Enhancements ===================================================================== The following enhancements are included in this release: Enhancement 1: KHM Source Code - The KHM source code has been updated. Enhancement 2: Apache Server - The Apache server and the OpenSSL module in the Apache server have been updated. 8.4.2 Resolved Known Issues ===================================================================== The following known issues are resolved in this release: Issue 1: ServerProtect for Linux sends the last VSAPI and virus pattern update time to Control Manager in the GMT time zone. This prevents Control Manager from displaying the update time in local time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 1318] ServerProtect for Linux now sends Control Manager the last VSAPI and virus pattern update time in local time. Issue 2: During manual scans, ServerProtect for Linux displays "ERROR" and "-1" scanned files on the Web page if the total number of files for scanning has not been updated in a long time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 1321] This issue has been resolved. Issue 3: Under certain conditions, when the ServerProtect for Linux real-time scan detects a virus in a compressed file, the virus/spyware log for the compressed file does not display a virus name and action result. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 1322] The virus/spyware logs now display the correct virus name and action result. Issue 4: Error logs appear in "/var/log/messages" when some hidden keys introduced in Patch 3 are not configured. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 1340] Error logs now appear in "/var/log/messages" only when the debug log level is set to "5". Issue 5: ServerProtect for Linux uses an older version of the VSAPI engine on the Red Hat Enterprise Linux 6 platform. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: ServerProtect for Linux now uses the latest VSAPI engine for the Red Hat Enterprise Linux 6 platform. 8.5 Patch 5 ===================================================================== 8.5.1 Enhancements ===================================================================== The following enhancements are included in this release: Enhancement 1: KHM Source Code - The KHM source code has been updated to version 3.0.1.0010. Enhancement 2: Apache Server - The Apache server has been upgraded to version 2.2.25, and the OpenSSL module in the Apache server to version 1.0.1e. Enhancement 3: ActiveUpdate Module - The ActiveUpdate (AU) module has been upgraded to version 2.85 and the following three folders: - "/opt/TrendMicro/SProtectLinux/AU_Cache" - "/opt/TrendMicro/SProtectLinux/AU_Temp" - "/opt/TrendMicro/SProtectLinux/AU_Log" have been moved to: - "/opt/TrendMicro/SProtectLinux/AU_Data/AU_Cache" - "/opt/TrendMicro/SProtectLinux/AU_Data/AU_Temp" - "/opt/TrendMicro/SProtectLinux/AU_Data/AU_Log" 8.5.2 Resolved Known Issues ===================================================================== The following known issues are resolved in this release: Issue 1: ServerProtect for Linux sends a notification for an outdated pattern file even when the pattern file is up-to-date. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 1358] The way ServerProtect for Linux determines whether a pattern file is up-to-date or not has been enhanced to ensures that ServerProtect for Linux sends out an outdated pattern file notification only when a pattern file is outdated. Issue 2: Users do not receive any notifications after ServerProtect for Linux disables the Real-time Scan. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 1359] An option has been added to ensure that users receive notifications even after ServerProtect for Linux disables the Real-time Scan. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To enable this feature: 1. Stop ServerProtect for Linux. 2. Open the "tmsplx.xml" file under the "/opt/TrendMicro/SProtectLinux/" folder. 3. Locate the "AlertRealtimeScanStatus" key under the "Scan" section and set it to the following:

4. Save the changes and close the "tmsplx.xml" file. 5. Start ServerProtect for Linux. Issue 3: When users choose to update multiple components and one or more components, but not all, update successfully, the last update time of all selected components will be updated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 1363] Now, only the last update time of successfully updated components are changed in this case. Issue 4: Control Manager does not support the display of any information about the new engine for the Common Internet File System (CIFS) in ServerProtect for Linux. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Critical Patch 1366] Control Manager now displays the necessary information about the new engine for CIFS in ServerProtect for Linux. Issue 5: The warning message that appears during an update to warn users that the product license has expired contains a typographical error. In the message, "perion" was used instead of "period". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hotfix 1371] The typographical error in the notification has been corrected. Issue 6: The cron job setting is not updated with all the rest of the ServerProtect for Linux settings during configuration replication from one computer to another through the Control Manager console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 1372] The cron job setting is now always updated with the rest of the ServerProtect for Linux settings during configuration replication from one computer to another through the Control Manager console. Issue 7: By default, Scheduled Scan and Manual Scan modify the last access time of files after scans. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Hotfix 1383] An option has been added to prevent Scheduled Scan and Manual Scan from modifying a file's last access time if the file is not infected. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 7: To enable this feature: 1. Stop ServerProtect for Linux. 2. Open the "tmsplx.xml" file. 3. Locate the "DisableAtimeNoChange" key under the "Scan" section and set it to the following:

4. Save the changes and close the file. 5. Start ServerProtect for Linux. Issue 8: During a scheduled update, ServerProtect for Linux may use the wrong working directory when it tries to update again. This triggers a "PATCH_ERROR" message in "TmuDump.txt". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: ServerProtect for Linux now always uses the correct working directory during scheduled updates. 8.6 Patch 6 ===================================================================== 8.6.1 Enhancements ===================================================================== The following enhancements are included in this release: Enhancement 1: KHM Source Code - The KHM source code been updated to version 3.0.1.0013. Enhancement 2: Apache Server - The Apache server has been upgraded to version 2.2.29, and the OpenSSL module in the Apache server to version 1.0.1m. Enhancement 3: Common Log Module - The Common Log Module has been upgraded to version 1.1.1.1177 to support leap second. Enhancement 4: World Virus Tracking Program - The World Virus Tracking feature has been removed from ServerProtect for Linux 3.0 because the Trend Micro's World Virus Tracking Center is no longer available. The following configuration items in the tmsplx.xml file are out of date:

Enhancement 5: TMNotify Module - The TMNotify module has been upgraded to version 1.3.0.1075 to use different OID to send SNMP trap messages. The following mib file will be added to ServerProtect for Linux: "/opt/TrendMicro/SProtectLinux/SPLX.MIB" NOTE: If the SNMP manager uses a version of the mib file that is older than the one specified above, you should replace the old version with the file above. Enhancement 6: License Deployment Feature - The CMAgent SDK has been upgraded to version 5.0.0.2165 to support license deployment from Control Manager. You can now deploy a new Activation Code or renew an existing Activation Code from Control Manager. Enhancement 7: Fixed Web UI Security Vulnerabilities - All the high and medium Web console security vulnerabilities found by Nessus, Acunetix Web Vulnerability Scanner, and IBM Rational AppScan have been fixed. Enhancement 8: HTTP Redirect - HTTP is not a safe protocol. This enhancement enables ServerProtect to switch from HTTP to HTTPS. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 8: To enable HTTP access: 1. Open the "splxhttpd.conf" file in the "/opt/TrendMicro/SProtectLinux/SPLX.httpd/conf" folder. 2. Comment out the four lines. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ #RewriteEngine on #RewriteCond %{HTTPS} !=on #RewriteRule ^(.*)$ https://%{HTTP_HOST}/ [C] #RewriteRule //(.*): https://$1:14943/ [R=301,L] +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3. Save the changes and close the file. 4. Restart the splxhttpd service using the following command: service splxhttpd restart 8.6.2 Resolved Known Issues ===================================================================== The following known issues are resolved in this release: Issue 1: The Java applet component of ServerProtect for Linux 3.0 is blocked after users update the Java Runtime Environment (JRE) module to 7u51. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Critical Patch 1403] The Java applet component of ServerProtect for Linux 3.0 has been rebuilt according to Oracle's notes at the following website: https://blogs.oracle.com/java-platform-group/entry/ new_security_requirements_for_rias. Issue 2: On some platform versions of Linux, the AU module may not be able to merge pattern files or may stop unexpectedly during an update while using up a large amount of CPU resources. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix AU 2.85 1086] A memory management function in RTPatch ("libpatch.so") has been updated to ensure that AU can merge pattern files and perform updates successfully. Issue 3: ServerProtect for Linux 3.0 may not be able to send the correct operating system language information to Control Manager when it is installed on the Red Hat 6 or CentOS 6 platform. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 1421] ServerProtect for Linux 3.0 now sends the correct operating system information to Control Manager. Issue 4: Sometimes, the "Some errors were found while stopping the splx kernel module." message appears while ServerProtect for Linux 3.0 closes because the ServerProtect script does not wait long enough for the kernel module to finish unloading. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 1425] The ServerProtect script now gives the kernel module more time to unload while ServerProtect for Linux 3.0 closes. This helps prevent the error message from appearing. Issue 5: ServerProtect for Linux 3.0 converts file names in virus logs to "UCS-4" before sending these logs to Control Manager. Sometimes, ServerProtect for Linux 3.0 encounters an exception error while converting file names that are not in "UTF-8" format, which can trigger the process "entity" to stop unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hotfix 1428] ServerProtect for Linux 3.0 can now catch the exception, then convert the file name to "ASCII" and replace non-ASCII characters with question marks. ServerProtect for Linux 3.0 then converts the "ASCII" file name to "UCS-4". Issue 6: Sometimes, ServerProtect for Linux 3.0 cannot open a file during a manual scan or scheduled scan. This triggers an error that can cause the scan to take unusually long time to complete. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 1431] ServerProtect for Linux 3.0 can now correctly handle the error so that a manual or scheduled scan runs normally when ServerProtect for Linux 3.0 fails to open a file during the scan. Issue 7: ServerProtect for Linux 3.0 does not accept public IP addresses or public domain names, but these appear as examples on the SMTP settings page of the Web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Hotfix 1436] The public IP addresses and public domain names have been deleted from the SMTP settings page. Issue 8: Sometimes, ServerProtect for Linux stops unexpectedly when ServerProtect for Linux tries to erase a cookie or tries to get the string value from the configuration file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This known issue has been resolved. Issue 9: Sometimes, logs may be deleted unexpectedly after users change the log directory even when the logs are not older than the number of days specified in "MaxLogDay". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: ServerProtect for Linux now deletes only logs that are older than the number of days specified in "MaxLogDay". Issue 10: Sometimes, if ServerProtect for Linux accesses Control Manager through a secure protocol using a proxy, it may not be able to connect to Control Manager through Single Sign-On (SSO). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: ServerProtect for Linux can now connect to Control Manager through SSO under the scenario above. Issue 11: Sometimes, if the permission for the "SSO_PKI_PublicKey.pem" file generated by ServerProtect for Linux is incorrect, it may not be able to connect to Control Manager through SSO. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: ServerProtect for Linux can now connect to Control Manager through SSO under the scenario above. 8.7 Patch 7 ===================================================================== 8.7.1 Enhancements ===================================================================== The following enhancements are included in this release: Enhancement 1: KHM Source Code - The KHM source code has been updated to version 3.0.1.0016. Enhancement 2: Apache Server - The Apache server has been updated to version 2.2.31, and the OpenSSL module in the Apache server to version 1.0.2j. Enhancement 3: Control Manager Agent SDK - The CMAgent SDK of 32-bit ServerProtect has been upgraded to version 5.0.0.2188 and the CMAgent SDK of 64-bit ServerProtect to version 5.0.0.2179. Enhancement 4: Web Server Certificate - A new certificate has been generated with SHA 256 signature algorithm. Enhancement 5: Encryption Components - The JAVA Applet Encryption components of the web console has been replaced with the AES 256 encryption algorithm of Crypto-JS. The passwords of the email account, proxy account, and Control Manager registration account will be encrypted using AES 256 encryption algorithm. Enhancement 6: Logon Protection - ServerProtect now automatically locks an account for 30 minutes if the user fails to type the correct logon password five times within 15 minutes. Enhancement 7: Password Management - New passwords must now be a combination of at least three types of the following: uppercase letters, lowercase letters, numbers and special characters. Any of the ten most recent passwords cannot be reused. Enhancement 8: TMNotify Module - The TMNotify module has been updated to version 1.3.0.1077 to ensure that it sends email notifications using the correct time zones. 8.7.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: The Linux system stops responding when ServerProtect for Linux 3.0 stops unexpectedly due to deadlock issues in the kernel space. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 1062/1464] The Linux system now runs normally when ServerProtect for Linux 3.0 stops unexpectedly. Issue 2: Sometimes, the strtok function triggers ServerProtect for Linux 3.0 to stop unexpectedly. This occurs because this function is not thread-safe. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 1063/1464] This issue has been resolved by enabling ServerProtect for Linux 3.0 to switch to a thread-safe function. Issue 3: When the manual scan and scheduled scan processes detect a virus, ServerProtect for Linux sends a Simple Network Management Protocol (SNMP) message with the "tpNormalEvent" type. This is the same message type used for unsuccessful pattern file updates. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 1063/1465] ServerProtect for Linux now sends a "tpVirusEvent" message when the manual scan and scheduled scan processes detect a virus, and to send a "tpUpdateEvent" message for unsuccessful pattern file updates. Issue 4: ServerProtect for Linux 3.0 converts file names in virus logs to "UCS-4" before sending these logs to Control Manager. Sometimes, ServerProtect for Linux 3.0 encounters an exception error that can trigger the process "entity" to stop unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 1063/1466] ServerProtect for Linux 3.0 can now catch the exception. Issue 5: When Real-Time Scan is enabled in ServerProtect for Linux, the operating system (OS) may stop responding when accessing files in a shared folder through a mounted network drive (NFS). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hotfix 1063/1467] The operating system can now access files in a shared folder through a mounted network drive when Real-Time scan is enabled. Issue 6: ServerProtect for Linux 3.0 may not be able to verify the certificate of the AU Server. When this happens, it cannot update pattern and engine files with AU. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 1478] The AU module has been updated to enable it to verify the certificate of the AU Server successfully. Issue 7: The "viewlog.cgi" file in ServerProtect for Linux 3.0 is affected by an XSS vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Critical Patch 1064/1473] The XSS vulnerability has been resolved by adding a checking mechanism to ensure that the data for the HTTP GET/POST method is in the correct format. Issue 8: The "vsapiapp" process of ServerProtect for Linux 3.0 may stop unexpectedly while calling the "pthread_kill" process using a thread that has already exited. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: [Hotfix 1067/1485] The "vsapiapp" process now calls the "pthread_kill" API using an active thread. Issue 9: ServerProtect is affected by CVE-2016-5387: The Apache Server does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server using a crafted proxy header in an HTTP request, or an "httproxy" issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: The Apache Server now ignores the "Proxy" HTTP header, because this header is not used in ServerProtect. Issue 10: ServerProtect is affected by CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data through a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode or a "Sweet32" attack. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: The DES and Triple DES ciphers of the Apache Server have been disabled. 8.8 Patch 8 ===================================================================== 8.8.1 Enhancements ===================================================================== The following enhancements are included in this release: Enhancement 1: KHM Source Code - The KHM source code has been updated to version 3.0.1.0018. Enhancement 2: Apache Server - The Apache server has been updated to version 2.4.34, and the OpenSSL module in the Apache server to version 1.0.2o. Enhancement 3: [Hotfix 1540] AU module - The AU module has been updated to version 2.86.0.1074 to enable it to check if a patch agent is available in the update server before starting an update and to cancel the update if it does not detect a patch agent. Enhancement 4: TMNotify Module - The TMNotify module has been updated to version 1.3.0.1084 to solve potential memory corruption risk due to the misuse of function setlocale(). Enhancement 5: License Profile - The ServerProtect web console is now able to access license profile information when required. 8.8.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: The "log_management.cgi" file in ServerProtect for Linux 3.0 is affected by a Cross-site Scripting (XSS) vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Critical Patch 1519] [VRTS-527] A checking mechanism has been added to ensure that the data for the HTTP GET/POST method is in the correct format. Issue 2: The "notification.cgi" file in ServerProtect for Linux 3.0 is affected by an XSS vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Critical Patch 1519][VRTS-525] A checking mechanism has been added to ensure that the data for the HTTP GET/POST method is in the correct format. Issue 3: Communication to the AU server is unencrypted by default. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Critical Patch 1519][VRTS-519] The AU server now encrypts the communication using HTTPS. Issue 4: Packages downloaded from the AU server are not signed or validated by default. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Critical Patch 1519][VRTS-521] The Digital Signature Check and Server Certificate Verification functions are now enabled by default when downloading components from the AU server. Issue 5: Users can set or add any path for the quarantine directory. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Critical Patch 1519] [VRTS-529] ServerProtect for Linux 3.0 now restricts the quarantine directory path to specific paths only. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 5: To set or add the "/tmp" folder for the quarantine directory: 1. Install this patch (see "Installation"). 2. Open the "tmsplx.xml" file under the "/opt/TrendMicro/SProtectLinux" folder using a text editor. 3. In the "Scan" group of "tmsplx.xml", locate the "MoveToWhiteList" string, the default string is as follows:

4. Append ":/tmp" to the value:

NOTE: Removing ":/tmp" removes the restriction. 5. Save the changes and close the file. Issue 6: Users can set or add any path for the backup directory. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Critical Patch 1519][VRTS-529] ServerProtect for Linux 3.0 now restricts the backup directory path to specific paths only. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 6: To set or add the "/tmp" folder for the backup directory: 1. Install this patch (see "Installation"). 2. Open the "tmsplx.xml" file under the "/opt/TrendMicro/SProtectLinux" folder using a text editor. 3. In the "Scan" group of "tmsplx.xml", locate the "SaveToWhiteList" string, the default string is as follows:

4. Append ":/tmp" to the value:

NOTE: Removing ":/tmp" removes the restriction. 5. Save the changes and close the file. Issue 7: The ServerProtect for Linux 3.0 web console is affected by a CSRF vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Critical Patch 1531][VRTS-523] A secure random token has been added for the web console to resolve this issue. Issue 8: Some feedback data are generated in duplicate. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: [Critical Patch 1536][SEG-8760] Server Protect for Linux 3.0 now removes the duplicate feedback data. Issue 9: The "Entity" process may trigger a high CPU usage issue when users attempt to view Virus, Spyware, Scan, or System logs on the web console and it encounters an unexpected string in any of the logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: [Hotfix 1540][SEG-16205] A mechanism has been added to handle unexpected strings and help ensure that the "Entity" process runs normally. Issue 10: The TLS 1.0 protocol used in the web console is affected by the weak CBC-Mode vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: [Critical Patch 1541][VRTS-1768] TLS 1.0 has been disabled by default in the web console. NOTE: After applying this patch, if you cannot login to the web console through a browser or Single Sign-On (SSO) to it from Control Manager, upgrade your browser or apply the latest Control Manger patch to enable it to support newer TLS protocols. Issue 11: A potential interoperability issue between the splx service and other services, such as autofs, may trigger the kernel to stop responding. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: [Hotfix 1548][SEG-16795] ServerProtect for Linux 3.0 now ensures that the splx service is the last service to start during startup. Issue 12: Sometimes, the ServerProtect for Linux web console shows an update complete message even though the manual update has failed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: [Hotfix 1560][SEG-22453] ServerProtect for Linux 3.0 now ensures that the web console receives the update failed results correctly. Issue 13: The "Logs > Log Directory" page name changes to "Automatic Delete" after users click on the "Save" button. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: [Hotfix 1560][SEG-22947] ServerProtect for Linux 3.0 now ensures that the page name remains the same after users click on the "Save" button. Issue 14: The "Scan Now" button appears in the log results on the "Logs > Virus Logs" and "Logs > Spyware Logs" pages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: [Hotfix 1560][SEG-22957] The log display logic of both pages have been updated to ensure that the "Scan Now" button does not appear in the log results. Issue 15: SSO does not work after Control Manager 7.0 switches from default mode to multi-session mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: [Hotfix 1568][SEG-23874] The "Set-Cookie" method has been enabled in the response header to allow the SessionID" to be sent to Control Manager 7.0 in multi-session mode. Issue 16: The memory usage rises unexpectedly during a manual or scheduled scan. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: [Hotfix 1569][SEG-25496] Server Protect for Linux 3.0 now allows users to configure a manual or scheduled scan to sleep for a few milliseconds before scanning the next file. This can help reduce the memory usage during scans. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 16: To configure the time interval: 1. Install this patch (see "Installation"). 2. Open the "tmsplx.xml" file in the "/opt/TrendMicro/SProtectLinux" folder. 3. Add the following keys and set each to the preferred value in milliseconds. For example, to set both manual and scheduled scan to sleep for one millisecond between files, set:

NOTE: Trend Micro recommends setting these to "1" and observing the CPU usage. Increase the values as needed. 4. Save the changes and close the file. 5. Restart the splx service by running the following command: #./service splx restart Issue 17: ServerProtect for Linux cannot apply engine and pattern updates from Control Manager 7.0 because the PatchAgent component cannot be downloaded successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: [Hotfix 1571][SEG-26780] Server Protect for Linux 3.0 now adds the PatchAgent information into the product profile that ServerProtect for Linux sends to Control Manager. This helps ensure that PatchAgent can be downloaded from Control Manager so that engine and pattern updates can be applied successfully. 9. Files Included in this Release ======================================================================== --------------------------------------------------------------------- Filename Build No. --------------------------------------------------------------------- For both 32-bit and 64-bit ServerProtect: splx 3.0.1657 splxcore 3.0.1657 splxhttpd 3.0.1657 splx.service 3.0.1657 splxcore.service 3.0.1657 splxhttpd.service 3.0.1657 vsapiapp 3.0.1657 splxmain 3.0.1657 SetTMDefaultExt 3.0.1657 splx_manual_scan 3.0.1657 splx_schedule_scan 3.0.1657 virus_type_finder 3.0.1657 entity 3.0.1657 libi18n.so.1 1.1.1.1177 liblogmgt.so.1 1.1.1.1177 liblogrdr.so.1 1.1.1.1177 liblogshr.so.1 1.1.1.1177 liblogwtr.so.1 1.1.1.1177 liblowlib.so.1 1.1.1.1177 libTMNotifymt.so.1 3.0.1657 libsplxcommon.so 3.0.1657 libsplxcxml.so 3.0.1657 DiagnosticTool 3.0.1657 CMconfig 3.0.1657 EncryptAgentPassword 3.0.1657 splxcomp 3.0.1657 splxport 3.0.1657 upcfg 3.0.1657 xmlvalidator 3.0.1657 checkBrowser.sh 3.0.1657 splxhttpd.conf 3.0.1657 libapr-1.so.0.7.0 3.0.1657 libaprutil-1.so.0.6.1 3.0.1657 libexpat.so.1.6.12 3.0.1657 libcares.so.2 3.0.1657 splxhttpd 3.0.1657 server.crt 3.0.1657 server.key 3.0.1657 splxmain.8.gz 3.0.1657 tmsplx.xml.5.gz 3.0.1657 cmoption.cgi 3.0.1657 log_management.cgi 3.0.1657 login_and_register.cgi 3.0.1657 notification.cgi 3.0.1657 proption.cgi 3.0.1657 scanoption.cgi 3.0.1657 scanoption_set.cgi 3.0.1657 showpage.cgi 3.0.1657 srv_admin.cgi 3.0.1657 summary.cgi 3.0.1657 tmcm_sso.cgi 3.0.1657 viewlog.cgi 3.0.1657 summary.htm 3.0.1657 Specifying_the_Download_Source.htm 3.0.1657 Alerts.htm 3.0.1657 charset.htm 3.0.1657 Recipients.htm 3.0.1657 cmsettings_no_reg.htm 3.0.1657 cmsettings_reged.htm 3.0.1657 password.htm 3.0.1657 proxy_settings.htm 3.0.1657 proxy_settings_update.htm 3.0.1657 menu_1.htm 3.0.1657 loginpage_registered_splx.htm 3.0.1657 logoff_splx.htm 3.0.1657 backup_directory.htm 3.0.1657 customer_register.htm 3.0.1657 quarantine_directory.htm 3.0.1657 registration.htm 3.0.1657 pr_activate.htm 3.0.1657 pr_activate_rej.htm 3.0.1657 pr_licenseinfo_no_ac.htm 3.0.1657 pr_licenseinfo_full_ac_end.htm 3.0.1657 pr_licenseinfo_full_ac.htm 3.0.1657 pr_licenseinfo_full_ac_progress.htm 3.0.1657 setting_on.htm 3.0.1657 banner.htm 3.0.1657 banner_cm.htm 3.0.1657 password_wrong.htm 3.0.1657 TmCube_Common.js 3.0.1657 client_cfg.js 3.0.1657 calendar.js 3.0.1657 Update_Scheduled.htm 3.0.1657 update_progress.htm 3.0.1657 Update_Manual.htm 3.0.1657 update_fail.htm 3.0.1657 Scheduled.htm 3.0.1657 scan_progress0.htm 3.0.1657 scan_progress2.htm 3.0.1657 scan_progress.htm 3.0.1657 Real-time.htm 3.0.1657 Manual.htm 3.0.1657 Response_success.htm 3.0.1657 virus_logs.htm 3.0.1657 system_logs.htm 3.0.1657 spyware_logs.htm 3.0.1657 scan_logs.htm 3.0.1657 purge_now.htm 3.0.1657 logs_on_disk.htm 3.0.1657 log_directory.htm 3.0.1657 log_directory_response 3.0.1657 exclusion_scheduled.htm 3.0.1657 exclusion_real.htm 3.0.1657 exclusion_manual.htm 3.0.1657 exclusion_manual_response.htm 3.0.1657 exclusion_real_response.htm 3.0.1657 localization.js 3.0.1657 script1.js 3.0.1657 script_splx.js 3.0.1657 Manual.htm 3.0.1657 TMBIF 3.0.1657 SPLX.MIB 3.0.1657 Agent.ini.template 3.0.1657 Product.ini.template 3.0.1657 help 3.0.1657 CryptoJS 3.0.1657 AuPatch 2.86.0.4003 libpatch.so 2.86.0.4003 libtmactupdate.so 2.86.0.4003 cert5.db n/a x500.db n/a SPLX_CM_UI.zip n/a For both 32-bit ServerProtect: cgiCmdNotify 5.0.0.2364-RH9 libProductLibrary.so 5.0.0.2364-RH9 libEn_Utility.so.1.0.0 5.0.0.2364-RH9 libSSO_PKIHelper.so.1.0.0 5.0.0.2364-RH9 libTrendAprWrapper.so.1.0.0 5.0.0.2364-RH9 libapr-1.so.0.1.1 5.0.0.2364-RH9 libcrypto.so.1.0.0 5.0.0.2364-RH9 libcurl.so.4.0.0 5.0.0.2364-RH9 libssl.so.1.0.0 5.0.0.2364-RH9 libciuas32.so 5.0.0.2364-RH9 liblwtpciu32.so 2.86.0.4003 expapply.so 2.86.0.4003 libaction.so 2.86.0.4003 libicui18n.so.18.1 libicuuc.so.18.1 libxerces-c1_7_0.so libcxmlapi.so For 64-bit ServerProtect: cgiCmdNotify 5.0.0.2333 libProductLibrary.so 5.0.0.2333 libEn_Utility.so.1.0.0 5.0.0.2333 libSSO_PKIHelper.so.1.0.0 5.0.0.2333 libTrendAprWrapper.so.1.0.0 5.0.0.2333 libapr-1.so.0.1.1 5.0.0.2333 libcrypto.so.1.0.0 5.0.0.2333 libcurl.so.4.0.0 5.0.0.2333 libssl.so.1.0.0 5.0.0.2333 libciuas64.so 2.86.0.4003 liblwtpciu.so 2.86.0.4003 expapply64.so 2.86.0.4003 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2021, Trend Micro Incorporated. All rights reserved. Trend Micro, Smart Protection Network, ServerProtect, Control Manager, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/ license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide