Trend Micro Incorporated                                January 31, 2019
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Readme for Trend Micro (TM) Deep Security Agent 10.0 Update 17 for Linux
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates.

GM release documentation:
https://help.deepsecurity.trendmicro.com/10/0/Welcome.html

Patch/SP release documentation:
https://help.deepsecurity.trendmicro.com/software.html

TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deep Security Agent Platforms:
- Red Hat Enterprise Linux 7 (64-bit)
- Red Hat Enterprise Linux 6 (32-bit and 64-bit)
- Red Hat Enterprise Linux 5 (32-bit and 64-bit)
- CentOS 7 (64-bit)
- CentOS 6 (32-bit and 64-bit)
- CentOS 5 (32-bit and 64-bit)
- Oracle Linux 7 (64-bit)*
- Oracle Linux 6 (32-bit and 64-bit)*
- Oracle Linux 5 (32-bit and 64-bit)*
- SUSE Enterprise Linux 11 SP1, SP2, and SP3 (32-bit and 64-bit)
- SUSE Enterprise Linux 12 (64-bit)
- CloudLinux 7 (64-bit)
- CloudLinux 6 (32-bit and 64-bit)
- Debian 7 (64-bit)
- Debian 8 (64-bit)
- Ubuntu 16.04 LTS (64-bit)
- Ubuntu 14.04 LTS (64-bit)
- Amazon Linux AMI (64-bit)
- Amazon Linux 2 AMI (64-bit)

Notes:
* Oracle Linux is supported on Red Hat kernels and Unbreakable kernels.
For a list of specific Linux kernels supported for each platform, see the document titled Deep Security 10.0 Supported Linux Kernels:
http://files.trendmicro.com/documentation/guides/deep_security/Kernel%20Support/10.0/Deep_Security_10_kernels_EN.html

For a list of supported Deep Security features by software platform, go to the Help Center page:
https://help.deepsecurity.trendmicro.com/supported-features-by-platform.html

Date: January 31, 2019
Release: 10.0 Update 17
Build Version: 10.0.0-3240
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This product is subject to the terms detailed in the license agreement and copied to the install directory.

For more information about the Trend Micro suite of Deep Security products, visit our website at:
http://www.trendmicro.com/us/enterprise/cloud-solutions/deep-security/index.html

Download the latest version of this readme from the Deep Security page at the Trend Micro Download Center website:
https://help.deepsecurity.trendmicro.com/software.html

Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome.

Contents
===================================================================
1. About Deep Security 10.0 Update 17
   1.1 Overview of This Release
   1.2 Who Should Install This Release
2. What's New
   2.1 Enhancements
   2.2 Resolved Known Issues
3. Documentation Set
4. System Requirements
5. Installation
6. Known Incompatibilities
7. Known Issues
8. Release History
9. Files Included in This Release
10. Contact Information
11. About Trend Micro
12. License Agreement
13. Third-Party Software
===================================================================

1. About Deep Security 10.0 Update 17
========================================================================

1.1 Overview of This Release
=====================================================================

Deep Security Agent 10.0 Update 17 contains no feature enhancements but includes some bug fixes.

For a list of the major changes in Deep Security 10.0, please see the "What's New" section of the Deep Security Help Center.

1.2 Who Should Install This Release
=====================================================================

You should install this release if you are currently running Deep Security 9.5 SP1, 9.6 or 9.6 SP1. All new Deep Security users should install Deep Security 10.0.

2. What's New
========================================================================

2.1 Enhancements
=====================================================================

There are no enhancements in this release.

2.2 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-3386/SEG-40130] Deep Security Scanner encountered problems when an SAP client program created a large number of scan tasks.
Solution 1: Scanner has been improved and can now handle a larger number of scan tasks.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-3336] The Network Filter Driver lacked error handling for some cases when memory allocation failed. This sometimes resulted in a system crash, especially when the system memory was exhausted.
Solution 2: This issue has been resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-3309] Deep Security Agent real-time Anti-Malware scans and Application Control didn't work correctly with a Linux 4.18 kernel.
Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-3262] Deep Security Agent real-time Anti-Malware scans didn't work correctly with a Linux 4.12 kernel.
Solution 4: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [DSSEG-3216] When both Anti-Malware real-time scans and SAP scanner were enabled on a Windows computer that had SAP NetWeaver 7.5+ installed, a virus could be detected and quarantined, but the error code returned to SAP NetWeaver was not correct.
Solution 5: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 6: [DSSEG-3109] A native firewall could not be turned on/off automatically after the Deep Security Firewall module was enabled or its configuration was changed.
Solution 6: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 7: [DSSEG-3103] In certain configurations, the Deep Security Agent kernel driver loaded an incorrect configuration, causing an OS crash.
Solution 7: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 8: [DSSEG-3081/SF01339187/SEG-38497/SEG-33163] An SAP system with Java running in a Linux environment failed to start when Deep Security Scanner returned an error code without an error message.
Solution 8: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 9: [DSSEG-3039/SEG-39670] An Integrity Monitoring rule could be triggered unintentionally when the prefix of its base directory path matched that of another rule. For example, if you had rules that monitored "c:\lab\" and "c:\lab1\", and added a file "c:\lab1\sample.txt", both rules would be triggered.
Solution 9: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. Documentation Set
========================================================================

- All Deep Security 10.0 documentation, including installation instructions and other content formerly delivered via PDF, is available from the Deep Security Help Center:
  https://help.deepsecurity.trendmicro.com/10/0/Welcome.html

- Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com

4. System Requirements
========================================================================

For a complete list of the system requirements, please refer to the Deep Security Help Center:
https://help.deepsecurity.trendmicro.com/10/0/Get-Started/Install/system-requirements.html

5. Installation
========================================================================

Refer to the "Get Started" section of the Deep Security Help Center:
https://help.deepsecurity.trendmicro.com/10/0/upgrade-deep-security.html

- Only use the Agent installer package (the .msi or the .rpm file) on its own to install the Deep Security Agent. If you extract the full Agent zip package and then run the Agent installer from the same folder that holds the other zipped Agent components, all the Security Modules will be installed. That may cause a conflict with the Anti-Malware or Firewall driver if you use applications other than Deep Security to provide those functionalities.

- Before installing this Patch, please ensure that the Deep Security Manager has already been upgraded to 10.0 Update 17.

- All Deep Security Relay-Enabled Agents must first be upgraded to Deep Security Agent 10.0 Update 17 before upgrading other Agents.

6. Known Incompatibilities
========================================================================

There are no known incompatibilities for Deep Security 10.0.

7. Known Issues
========================================================================

- If a malware scan generates a very large number of malware events, the Deep Security Agent could fail to report the events to the Deep Security Manager, generating a "Get Events Failed" event. (DS-11178)

- When the Linux kernel on the Agent host is updated to a non-supported version, the DSA driver for Web Reputation, Anti-Malware and Intrusion Prevention modules will not be loaded and the modules will show as offline on the DSM UI. However, the Web Reputation module is still shown as online. (DS-10586)

- In this release, Linux Agents do not drop ARP packets anymore. All ARP packets dropped by previous Agents will only be logged in DSA 10.0 or newer versions. The behaviour of the Windows Agent remains unchanged. (DS-5354)

- There is no threshold limitation on the local DSA DB size when in Application Control Maintenance Mode, and currently no method of pruning. (DS-10961)

7.1 Known Issues from Deep Security 9.6 SP1 Patch 1 U6
========================================================================

- SCANEXTRACT, SCANEXTRACT_DEPTH, SCANEXTENSIONS, and SCANLIMIT, which are configurable in the SAP GUI as scan parameters, have no effect on sar files. [DS-1611]

- When a virtual machine is added through vCloud connector, after vMotion from a protected ESXi host to an unprotected ESXi host, the virtual machine will not go from combined mode to Agent-only protection. [DS-558]

- When a virtual machine is added through vCloud connector, after vMotion from an unprotected ESXi host to a protected ESXi host, the virtual machine will not go from Agent-only protection to combined mode. [DS-557]

- Some platforms (e.g. Linux) do not distinguish network interfaces at the packet level when they are connected to the same network. When enabling "Policy -> Interface Types -> Rules can apply to specific interfaces" on these platforms, firewall policies that attempt to distinguish between network interfaces connected to the same network will result in only one of the policies being applied. [29543]

- The Trusted Platform Module (TPM) monitoring does not work in a vSphere 6 environment. When enabled, the event "The vCenter sent empty or unreliable TPM information that has been ignored. This is only an issue if the problem persists" will appear. In rare circumstances, the value may also be unreliable in a vSphere 5.5 environment. VMware is already investigating this issue. [29268/27166]

- If the Integrity Monitoring feature in Combined Mode is disabled, the Deep Security Notifier status will display it as Not Capable instead of Not Configured. [29403]

- When doing vMotion of many simultaneous VMs, some of the VMs may appear as Anti-Malware Engine Offline after they move to the new host. This occurs because the DSM checked the status of the VMs during heartbeat before the vMotion finished. Doing another check status or waiting for the next heartbeat will fix the status. [28825]

- Deep Security Azure Connector does not identify virtual machines created by Azure Resource Manager a.k.a ARM VM (v2). DSA installed in ARM VM will not be included in Azure connector but in normal computer list. This limitation will have no impact on security features provided by Deep Security. [29630]

- If vMotion occurs while an Anti-Malware scan is happening, there is a possibility that the scan will not continue after moving from one Agentless protected host to another. If you see an event saying "Manual Malware Scan Failure" or if you see a "Manual Malware Scan Started" without a corresponding "Manual Malware Scan Completed", then this means that the scan has stopped and did not finish. [28059]

- During the upgrade process after removing the Filter Driver, Deep Security Manager will display "Intrusion Prevention Engine Offline and Firewall Engine Offline" regardless of policy until the Deep Security Virtual Appliance is upgraded to version SP1. [28992]

- If the Deep Security Relay is down during deployment of Deep Security Virtual Appliance, it will fail to upgrade and will cause the vShield Endpoint to not register. Even after the Deep Security Virtual Appliance upgrade becomes successful, the vShield Endpoint will remain in a Not Registered state. Reactivating the Deep Security Virtual Appliance will resolve this issue. [28712]

- Deep Security Agent could not convert shift-jis encoded characters to UTF-8. Therefore, any folders named with shift-jis encoding will be skipped during Integrity Monitoring scanning. [28879]

- The CPU Usage (Agent only) setting under Manual and Scheduled Scan Configuration in the Deep Security Manager console is not working on SUSE 10 SP3 and SP4. [20717]

- Deep Security Agent may not successfully install on the first release of Ubuntu 12.04 without any updates and patches. [23797]

- The Relay feature uses TCP port 4122. When enabling the relay feature, make sure TCP port 4122 is allowed in any firewall being used. [22749]

- CPU usage control in Scan for Integrity may not work after a reboot. Rebuild Integrity Baseline or reactivation will fix this. [20725/20563]

- In Linux platforms, some malware may not be detected if the DNS is very slow to respond to queries. [21208]

- Some security components of Deep Security Agent with Relay feature enabled may get removed unexpectedly after an update. As a workaround, retry the security update. [24004]

- The Deep Security Manager will display the platform of the agent package regardless of the platform where it is installed. For example, since the agent package used in CentOS and Red Hat are the same and labeled as Red Hat agent package, Deep Security Manager will display the platform as Red Hat. [21674/25156]

- Deep Security Agent running on SUSE in Azure cloud will not be managed under Azure cloud account in the Deep Security Manager. The agent will appear under normal computers list. [26499]

- After Deep Security Virtual Appliance upgrade, the error "Exceeded maximum concurrent events" may be noticed in the /var/log/messages file and the agentless protected guest virtual machines status change to "Anti-Malware Engine Offline". Rebooting the Deep Security Virtual Appliance will fix this issue. [26361]

- Intrusion Prevention is not supported over SSL connections when using IPv6.

- SYN Flood protection is only supported on versions 7.5 or earlier of the Windows Agents and on versions 7.5 or earlier of the Virtual Appliance. It is not supported on versions 7.5 Service Pack 1 or later of the Windows Agents or versions 7.5 Service Pack 1 or later of the Virtual Appliance. It is not supported on any versions of the Linux or Solaris Agents.

- Log entries (Firewall and IPS Events) for OUTGOING traffic show zeroed-out MAC addresses.

- When the network engine is working in TAP mode and the in-guest agent is offline, the Deep Security Virtual Appliance status will be "Stand By". When this occurs, Deep Security Virtual Appliance is actually online and IP/FW events will be logged when rules are triggered. [10948]

- Log Inspection event logs are limited to 6000 characters.

8. Release History
========================================================================

- Deep Security Agent 10.0, Build 10.0.0-2094, March 6, 2017
- Deep Security Agent 10.0 Update 1, Build 10.0.0-2240, May 3, 2017
- Deep Security Agent 10.0 Update 2, Build 10.0.0-2358, July 13, 2017
- Deep Security Agent 10.0 Update 3, Build 10.0.0-2413, August 10, 2017
- Deep Security Agent 10.0 Update 4, Build 10.0.0-2470, September 11, 2017
- Deep Security Agent 10.0 Update 5, Build 10.0.0-2548, October 16, 2017
- Deep Security Agent 10.0 Update 5 Critical Patch, Build 10.0.0-2551, October 20, 2017
- Deep Security Agent 10.0 Update 6, Build 10.0.0-2613, December 12, 2017
- Deep Security Agent 10.0 Update 7, Build 10.0.0-2687, January 24, 2018
- Deep Security Agent 10.0 Update 8, Build 10.0.0-2736, February 28, 2018
- Deep Security Agent 10.0 Update 9, Build 10.0.0-2775, April 4, 2018
- Deep Security Agent 10.0 Update 10, Build 10.0.0-2797, April 24, 2018
- Deep Security Agent 10.0 Update 11, Build 10.0.0-2856, May 22, 2018
- Deep Security Agent 10.0 Update 12, Build 10.0.0-2888, June 12, 2018
- Deep Security Agent 10.0 Update 13, Build 10.0.0-2981, August 13, 2018
- Deep Security Agent 10.0 Update 14, Build 10.0.0-3059, September 27, 2018
- Deep Security Agent 10.0 Update 15, Build 10.0.0-3107, October 30, 2018
- Deep Security Agent 10.0 Update 16, Build 10.0.0-3186, December 17, 2018
- Deep Security Agent 10.0 Update 17, Build 10.0.0-3240, January 31, 2019

8.1 Deep Security Agent 10.0.0-2240
========================================================================

8.1.1 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-952] Network connectivity issues were observed in Amazon Linux (x86_64) machines running Intrusion Prevention System in in-line network engine mode.
Solution 1: The logic to handle skb_linearize failure has been fixed and made more robust to avoid such types of network connectivity issues.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-943/SEG-4381] After the Deep Security Agent had been running on a web server for a long time, it would interrupt HTTPS traffic.
Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-937/377091] When firewall was enabled, the agent logged many 'invalid tcp timestamp' events in some circumstances.
Solution 3: The default behavior has been changed to not log those events. It can still be enabled in the Anti-Evasion settings.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-919] Application Control did not support Linux kernel versions 4.6 or higher.
Solution 4: With this update, Application Control supports kernel versions 4.6 or higher.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [DSSEG-916/SEG-3395/SEG-4060] When Deep Security Agent anti-malware was enabled in a Red Hat Enterprise Linux 7 environment, the system would reboot due to a kernel panic.
Solution 5: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 6: [DSSEG-910/SEG-2762] The Deep Security Agent would crash when the integrity monitoring module scanned a file path containing a "%" character.
Solution 6: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 7: [DSSEG-908] When a file was sent to an SAP server via SMTP attachment and the SAP process stripped the extension from the file (for example, filename.pdf became filename), the file would be blocked with a "BLOCKED_BY_POLICY" error.
Solution 7: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 8: [DSSEG-891] The Deep Security Agent created temporary files in the temp directory but these files were not removed after use, which resulted in inodes filling up.
Solution 8: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 9: [DSSEG-855] A custom Log Inspection rule would not work and produced the error: "OSSEC id does not map to DSM id".
Solution 9: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 10: [DSSEG-847] Application Control failed to download a ruleset when the Deep Security Agent was behind a proxy and the rulesets were hosted on Deep Security Manager.
Solution 10: Application Control can now download the ruleset from the manager when the agent is behind a proxy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 11: [DSSEG-844] Application Control failed to download a ruleset when the Deep Security Agent thread was stuck downloading a ruleset from an older configuration.
Solution 11: With this release, application control will download the ruleset.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 12: [DSSEG-839] On a 'Large Send Offload' (LSO) network, a number of firewall events with a reason of "Invalid IP Datagram Length" sometimes occurred. This happened because the firewall driver incorrectly calculated the IP datagram length in an LSO environment.
Solution 12: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.1.2 Enhancements
=====================================================================

The following enhancement is included in this release:

Enhancement 1: This release adds support for Debian 8.

8.2 Deep Security Agent 10.0.0-2358
========================================================================

8.2.1 Enhancements
=====================================================================

There are no enhancements in this release.

8.2.2 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-1109] Deep Security file reputation querying to Smart Protection Server was not counted correctly in the Summary of Smart Protection Server. For example, the "Active Users for File Reputation" widget displayed an incorrect number of users.
Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-1090] In some circumstances, the kernel module for a Linux version of the Deep Security Agent could be replaced by an earlier version of the kernel support package.
Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-1081] When connections were reset, they were not removed in the kernel module until the connection timed out. This resulted in the maximum number of TCP connections being reached.
Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-1041/SEG-370] The Deep Security Firewall/Intrusion Prevention driver sometimes did not bind to a specific Network Interface Controller (NIC). When the Deep Security Agent took it as StandbyAdapter, it would cause a Deep Security Agent exception during initialization and fail to generate the firewall/intrusion prevention driver configuration file.
Solution 4: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [DSSEG-1040/SBM 352560] When the Intrusion Prevention rule "1000128 - HTTP Protocol Decoding" is enabled and "Specify raw characters that are not allowed in the URI:" is used, when the Deep Security Agent detects an illegal character, the Deep Security Manager will show the illegal character in an Intrusion Prevention event. However, the Deep Security Agent sometimes did not report the correct location of the illegal character, so it was not displayed correctly in the Deep Security Manager.
Solution 5: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 6: [DSSEG-1012] If the Deep Security Agent failed to download the Kernel Support Package, the agent would not retry the download.
Solution 6: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 7: [DSSEG-1138/SEG-5409/00388364] Due to a race condition, a kernel panic would occur when dsa_filter was handling duplicate UDP packets.
Solution 7: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 8: [DSSEG-1017/SEG-6293/SEG-8827] The Deep Security Virtual Appliance's security update failed or VMs were offline because the Scheduler thread exited abnormally.
Solution 8: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.3 Deep Security Agent 10.0.0-2413
========================================================================

8.3.1 Enhancements
=====================================================================

There are no enhancements in this release.

8.3.2 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-1242/internal case] A race condition caused an error displayed on a blue screen when the intrusion prevention module handled duplicate UDP packets.
Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-1210/SEG-6284] AWS OpsWorks invokes an ssh that cannot be looked up from AWS Linux kernel. The default action of Deep Security Agent was to block such execution. This caused users to receive an "Operation Not Permitted" error on their OpsWorks deployment.
Solution 2: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-1198/351879] The Deep Security Agent did not securely generate the SSL Master Secret when the "Client key exchange" and "Certificate verify" handshake records were both in one packet.
Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-1211] On some Linux platforms, if iptables or ip6tables was disabled and a customer installed or restarted the Deep Security Agent, the ds_agent process would start iptables and add a rule to open port 4118.
Solution 4: With this release, the ds_agent process will check the iptables/ip6tables status. If it is disabled, it will not be changed. If it is enabled, one rule to allow port 4118 for communication will be added.
Note 4: If both iptables and ip6tables are disabled, they will remain disabled. If either one is enabled, the ds_agent process will consider them both to be enabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.4 Deep Security Agent 10.0.0-2470
========================================================================

8.4.1 Enhancements
=====================================================================

The following enhancements are included in this release:

Enhancement 1: [DSSEG-1360] To support Windows 2016, EPSecLib has been upgraded to version 6.3.3.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 2: [DSSEG-1310] This release adds support for kernel 4.11.0-13-generic.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 3: [DSSEG-1344] This release of Deep Security Agent supports Linux 4.12 Kernels.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.4.2 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-1407] Kernel panic occurred while adding VMware hotplug cpu or memory resource.
Solution 1: RTScan now skips hooking debugfs to avoid kernel crash.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-1367/SF00472245/SEG-10539] When log inspection was enabled, the Deep Security Agent sometimes used more than 50% (and up to 98%) of the CPU for long periods of time.
Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-1364/493112] In previous releases, the "Smart Protection Server Disconnected for Web Reputation" alert could only be cleared manually by a user.
Solution 3: In this release, Deep Security Manager will clear the alert automatically when it receives a "Smart Protection Server Connected for Web Reputation" event.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-1363/VRTS-1121/VRTS-742] Deep Security Virtual Appliance was affected by a vulnerability in the OS layer.
Solution 4: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [DSSEG-1301] After enabling application control, the system would sometimes enter a disconnected state and could not be accessed via ssh.
Solution 5: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 6: [DSSEG-1225/SEG-9966/00415118/SEG-9503] Filesystem in Userspace (FUSE) conflicts with redirects led to performance issues when the anti-malware module was enabled.
Solution 6: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 7: [DSSEG-1203/SEG-8048/SF00453864] Smart Scan Agent Pattern updates sometimes failed.
Solution 7: This issue is fixed in this release. The iAU module has been upgraded to 1062.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 8: [DSSEG-1305/475444/SEG-9521] In the anti-malware configuration file for Linux (ds_am.ini), the vmpd_log_file_count key and the vmpd_log_file_MB key did not work as expected.
Solution 8: With this release, the vmpd_log_file_count can be set with a size of 2 to 1000 files, and vmpd_log_file_MB can be set with a size of 1 to 100 MB.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.5 Deep Security Agent 10.0.0-2548
========================================================================

8.5.1 Enhancements
=====================================================================

The following enhancements are included in this release:

Enhancement 1: [DSSEG-1494] In this release, Deep Security Virtual Appliance has been improved to gracefully handle local vMotion in VMware's environment.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 2: [DSSEG-1462] Real-time anti-malware scans are now supported on Oracle Linux 6 x64 agents and Oracle Linux 7 x64 agents.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.5.2 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-1370] The Deep Security Agent sometimes failed to complete an SSL handshake when the agent was using a proxy to connect to Deep Security Manager.
Solution 1: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-1247] A race condition when the ds_agent kernel module was handling TCP connections caused an error displayed on a blue screen.
Solution 2: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.6 Deep Security Agent 10.0.0-2551
========================================================================

8.6.1 Enhancements
=====================================================================

There are no enhancements in this release.

8.6.2 Resolved Known Issues
=====================================================================

This release resolves the following issue:

Issue 1: [DSSEG-1551] A change made on October 14 to version 2.7 of smBIOS for AWS EC2 instances introduced an incompatibility issue with Deep Security Agents on Linux and Windows. We have seen this issue affecting new instances created in the US-Virginia, Japan, and Singapore regions since October 14, but additional regions will be affected. This issue affects agent activation on any instance with the 2.7 bios and is likely to result in agents entering an unprotected state. Currently running activated agents are not affected. For details, please refer to: https://success.trendmicro.com/solution/1118601
Solution 1: The incompatibility is fixed with this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.7 Deep Security Agent 10.0.0-2613
========================================================================

8.7.1 Enhancements
=====================================================================

This release includes the following enhancements:

Enhancement 1: [DSSEG-1652] The Deep Security Virtual Appliance ds_agent startup script has been enhanced to ensure the necessary kernel module is placed in the correct path and to wake up the vmtoolsd service if it doesn't run.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 2: [DSSEG-1568] The Advanced Threat Scan Engine used in Deep Security Agent has been updated to version 10.000.1004.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.7.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-1744]
Sometimes, after a Deep Security Agent upgrade, anti-malware
protection would be absent or out of date.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-1714]
An EICAR sample was not detected and blocked in a NIC teaming
environment.

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-1602/00598122/SEG-15655]
When an Oracle WebLogic Server created cached directories ending with
.jar or .war, the application control feature would enter a loop when
reading those directories, resulting in high CPU usage.

Solution 3: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-1493]
When the Deep Security Agent lightweight filter driver (tbimdsa.sys)
was installed in a Windows environment where NIC teaming was
configured as LACP mode, the "Microsoft Network Adapter Multiplexor
Driver" device would enter a "Network cable unplugged" state.

Solution 4: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [DSSEG-1148/SEG-1206]
The default ICRC log level for a Deep Security Agent on Linux is
"debug", which causes the ds_am-icrc.log file to grow quickly.

Solution 5: Change the default ICRC log level to "warn". For a fresh
agent installation, the default ICRC log level will be set to "warn"
by default.

To update an existing agent on Linux:

1. Upgrade the Deep Security Manager to the build that contains the
   fix.

2. On the Deep Security Manager computer, open a Windows command
   prompt, go to the Deep Security Manager root folder, and run this
   command:

   dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value true

3. Upgrade the Deep Security Agent to the build that contains the fix.

4. After the agents are upgraded and the default ICRC log level has
   been corrected, we recommend that you turn off the key. To do this,
   go to the Deep Security Manager computer, open a Windows command
   prompt, go to the Deep Security Manager root folder, and run this
   command:

   dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value false
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.8 Deep Security Agent 10.0.0-2687
========================================================================

8.8.1 Enhancements
=====================================================================
The following enhancement is included in this release:

Enhancement 1: [DSSEG-1754/SEG-17076]
The Advanced Threat Scan Engine used in Deep Security Agent has been
updated to version 10.200.1006.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.8.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-1885/SEG-11876]
When SSL inspection was enabled on an SSL server, clients sometimes
failed to establish an SSL session and a "Record Layer Message (not
ready)" intrusion prevention event would occur.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-1837]
A spin_lock in dsa_filter caused network performance issues on Linux
platforms.

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-1825/3-1-1493237865/SEG-18925]
Anti-Malware scan inclusions and exclusions did not work when the path
contained multi-byte characters.

Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-1411]
Agentless vMotion sometimes failed when there were more than two
vNICs.

Solution 4: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.9 Deep Security Agent 10.0.0-2736
========================================================================

8.9.1 Enhancements
=====================================================================
The following enhancement(s) are included in this release:

Enhancement 1: [DSSEG-1980]
This release adds support for Amazon Linux 2. In order to use this
platform, you need Deep Security Manager 10.0 Update 8 or above.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.9.2 Resolved Known Issues
=====================================================================
This release resolves the following issue(s):

Issue 1: [DSSEG-2017]
The Linux syslog received many filp_open failure logs when the
ds_agent anti-malware kernel module failed to open files.

Solution 1: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-1992/SEG-22602]
Deep Security Agent incompatibilities with c5 and m5 instance types in
AWS Elastic Compute Cloud (EC2) running Linux operating systems caused
an issue where computers that failed to be correctly identified were
activated outside of an AWS cloud connector, were not assigned EC2
metadata, and may not have been assigned the expected security policy.
In these cases, assigning a security policy or relay groups based on
EC2 metadata - using Event Based Tasks (EBTs) for example - was
incorrect. In addition, consumption-based billing for large instances
was incorrect. Existing EC2 instance types that have Deep Security
Agents already installed or newly deployed are unaffected.

For details, please refer to:
https://success.trendmicro.com/solution/1119433

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-1974/SEG-23241/SEG-6472/SEG-6201/SEG-19649]
When the kernel module (gsch) in the Deep Security Agent Anti-Malware
feature on Linux was loaded and hooked a system call, and then the
gsch module was unloaded or the anti-malware feature was disabled,
this caused a system crash if another vendor's kernel module was
hooking the system call later than the gsch driver.

Solution 3: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.10 Deep Security Agent 10.0.0-2775
========================================================================

8.10.1 Enhancements
=====================================================================
There are no enhancements in this release.

8.10.2 Resolved Known Issues
=====================================================================
This release resolves the following issue(s):

Issue 1: [DSSEG-2103/SEG-21286/00684294]
Real-time Anti-Malware scans sometimes caused a kernel panic on some
specific file systems.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-2076/SEG-23938/SEG-23938]
SSL/TLS compression was not disabled while initiating SSL context for
DSA listening port (4118).

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-1958/SEG-20477]
A Deep Security Agent's Anti-Malware status sometimes displayed as
"offline" after the agent was stopped ungracefully during an OS
shutdown. This issue was caused by the shutdown leaving a ds_am pid
file in place that pointed to a process that was no longer running.

Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.11 Deep Security Agent 10.0.0-2797
========================================================================

8.11.1 Enhancements
=====================================================================
This release contains the following enhancement:

Enhancement 1: [DSSEG-2148]
With this release of Deep Security Agent, all pattern updates from the
Deep Security Relay or Trend Micro Update Server will require the use
of the TLS 1.2 protocol.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.11.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-2173/SEG-23387]
The Deep Security Agent query script, dsa_query.cmd or dsa_query.sh,
would sometimes fail.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-2068]
When Deep Security Agent failed to download new kernel modules of both
Anti-Malware and Firewall, it expected to try downloading those
modules again. However, if only the Anti-Malware kernel module was
successfully downloaded, Deep Security Agent sometimes did not retry
downloading the Firewall kernel module. As a result, the new kernel
module was not loaded and could trigger a Firewall engine offline
issue on Amazon Linux.

Solution 2: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.12 Deep Security Agent 10.0.0-2856
========================================================================

8.12.1 Enhancements
=====================================================================
This release contains the following enhancement:

Enhancement 1: [DSSEG-2161]
With this release of Deep Security Agent, all software updates from
the Deep Security Relay or Deep Security Manager will require the use
of the TLS 1.2 protocol.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.12.2 Resolved Known Issues
=====================================================================
This release does not include any resolved issues.

8.13 Deep Security Agent 10.0.0-2888
========================================================================

8.13.1 Enhancements
=====================================================================
The following enhancement is included in this release:

Enhancement 1: [DSSEG-2201/SEG-21673]
When agentless real-time anti-malware scanning is enabled with the
"Enable network directory scan" option set to "Off", the Deep Security
Virtual Appliance does not request any network file access events from
guest machines.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.13.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-2333/SEG-26904]
When a security event syslog was forwarded directly from the Deep
Security Agent to a syslog server, it contained an incorrect IPv6
address in the dvchost field.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-2304/00853021/SEG-28060]
After upgrading Deep Security Agent from version 9.6 to 10.0 on a
Linux platform, the Component Set version was not updated, which
caused the Security Update Status to display "Out-of-Date".

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-2248/00822625/SEG-27661]
When a user configured a firewall bypass rule with a port range
containing port 65535, the Deep Security Agent configuration would
fail to compile.

Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.14 Deep Security Agent 10.0.0-2981
========================================================================

8.14.1 Enhancements
=====================================================================
There are no enhancements included in this release.

8.14.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-2518]
In previous releases, the Deep Security Agent for Linux dropped ARP
packets. This sometimes led to configuration issues.

Solution 1: On Linux, the Deep Security Agent logs ARP packets instead
of dropping them.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-2382/SEG-29766/SF00875293]
When Anti-Malware was enabled, a kernel panic sometimes occurred due
to a memory allocation failure.

Solution 2: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-1687]
When Deep Security Agent scanned a SAR file that contained relative
paths, those relative paths were not extracted to a temporary
directory for scanning.

Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-1686]
When messages coming from Deep Security Virus Scan Adapter were too
long, it caused a buffer overflow, and the Deep Security Agent would
access an invalid memory address.

Solution 4: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.15 Deep Security Agent 10.0.0-3059
========================================================================

8.15.1 Enhancements
=====================================================================
The following enhancement(s) are included in this release:

Enhancement 1: [DSSEG-2788]
The Linux Deep Security Agent fresh install will not download the
older version engine from iAU if the Deep Security Agent Anti-Malware
module already includes the new engine.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 2: [DSSEG-2563]
Deep Security Agent now supports Debian 9. This new agent is
compatible with Deep Security Manager 10.0 Update 12 or later.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 3: [DSSEG-2489]
Anti-Malware Scan Engine can be displayed and has the option to enable
or disable an Anti-Malware update.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.15.2 Resolved Known Issues
=====================================================================
This release resolves the following issue(s):

Issue 1: [DSSEG-2736/SEG-34502]
When a TCP connection was established with the same tuples as a
previously tracked one, the network engine could set the connection
track to an incorrect status. This sometimes happened on a busy server
where rapid connections reused a recycled connection. The network
engine treated it as an "Out of connection" error and dropped the
packet.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-2542/SEG-31883/SF00958979]
An invalid dentry object sometimes caused a kernel panic.

Solution 2: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-2387/SEG-22509/00695358]
In a Red Hat Enterprise Linux 5 or 6 or a CentOS 5 or 6 environment,
Integrity Monitoring events related to the following rule were
displayed even if users or groups were not created or deleted:

1008720 - Users and Groups - Create and Delete Activity

Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-2329/SEG-29194/SF00866327]
Some of the files installed by Deep Security Agent had incorrect
permissions.

Solution 4: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [DSSEG-2313/SEG-26394/815500]
When both Application Control and real-time Anti-Malware scanning were
enabled and either one became disabled, a system crash would sometimes
occur. This could occur when explicitly disabling either feature or
when:

- stopping the Deep Security Agent service,
- upgrading the Deep Security Agent, or
- restarting a Deep Security Agent computer.

Solution 5: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.16 Deep Security Agent 10.0.0-3107
========================================================================

8.16.1 Enhancements
=====================================================================
The following enhancements are included in this release:

Enhancement 1: [DSSEG-2827/SEG-34684]
Previously, the network engine would sometimes fill the MAC field in
event logs with zeros for outgoing packets, to make the logs easier to
read. This release removes this behavior to avoid issues in an overlay
network environment. In the event logs, the MAC address for outgoing
packets may be empty or contain a random number.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 2: [DSSEG-2489]
Anti-Malware Scan Engine can be displayed and has the option to enable
or disable an Anti-Malware update.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 3: [DSSEG-2257]
The Anti-Malware engine offline error is not reported when the
computer is preparing to shut down.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 4: [DSSEG-2746/SF00374619/SF00340345/00425845/00389528/
SF179909/00368352/SF159145/SF318628/00513686/00528775/
538145/441559/00611107]
In this release, the Deep Security Agent installer checks the
installation platform to prevent installation of an agent that does
not match the platform. This feature is supported on:

- Amazon Linux and Amazon Linux 2
- Red Hat Enterprise Linux 5, 6 and 7
- CentOS 5, 6 and 7
- Cloud Linux 6 and 7
- Oracle Linux 5, 6 and 7
- SUSE Linux Enterprise Server 11 and 12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 5: [DSSEG-2308]
The version of OpenSSL used by the Deep Security Agent and Deep
Security Relay has been updated to openssl-1.0.2o.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.16.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-2857/SEG-33085]
An unactivated Deep Security Agent could reach 100% CPU usage when
handling a long HTTPS request.

Solution 1: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-2799/SEG-34463]
The Agent operating system could crash when Anti-Malware was enabled
or the Agent was stopped.

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.17 Deep Security Agent 10.0.0-3186
========================================================================

8.17.1 Enhancements
=====================================================================
The following enhancements are included in this release:

Enhancement 1: [DSSEG-3022]
The version of zlib used by the Deep Security Agent has been updated
to zlib-1.2.11.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 2: [DSSEG-2970]
The version of curl used by the Deep Security Agent has been updated
to curl-7.61.1.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 3: [DSSEG-2966]
Deep Security Agent has been updated to support PFS cipher suites.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 4: [DSSEG-3025/SEG-37605]
This release updates the Anti-Malware scan engine to the latest
version.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.17.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-3105/SF01248774/SEG-37651]
When real-time Anti-Malware scans were enabled on Linux, a lot of
Linux Security Module logs were generated.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-3076]
Packets were dropped due to an out of memory error when skb_linearize
was called to handle fragments.

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-3004/SF01061186/SEG-33124]
The Anti-malware driver has a compatibility issue with a GFS2/GFS
cluster environment.

Solution 3: GFS2/GFS has been added to the Anti-malware hook exclude
list.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-2953/SEG-33407]
When Anti-malware real-time driver initialization failed, the
operating system sometimes crashed.

Solution 4: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [DSSEG-2878/00461478/573707/00386295/SEG-5825/00487753]
Users who are not using a local Smart Protection Server (SPS) reported
many Dropped Retransmit "rxjammed" events in the Firewall when using
Web Reputation Service, which caused the Firewall logs to fill up.

Solution 5: Dropped Retransmit "rxjammed" events are no longer
recorded in the Firewall log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

9. Files Included in This Release
========================================================================
This release is a complete installation. Use one of the following
files:

Agent-RedHat_EL5-10.0.0-3240.i386.zip
Agent-RedHat_EL5-10.0.0-3240.x86_64.zip
Agent-RedHat_EL6-10.0.0-3240.i386.zip
Agent-RedHat_EL6-10.0.0-3240.x86_64.zip
Agent-RedHat_EL7-10.0.0-3240.x86_64.zip
Agent-Oracle_OL5-10.0.0-3240.i386.zip
Agent-Oracle_OL5-10.0.0-3240.x86_64.zip
Agent-Oracle_OL6-10.0.0-3240.i386.zip
Agent-Oracle_OL6-10.0.0-3240.x86_64.zip
Agent-Oracle_OL7-10.0.0-3240.x86_64.zip
Agent-SuSE_11-10.0.0-3240.i386.zip
Agent-SuSE_11-10.0.0-3240.x86_64.zip
Agent-SuSE_12-10.0.0-3240.x86_64.zip
Agent-Ubuntu_14.04-10.0.0-3240.x86_64.zip
Agent-Ubuntu_16.04-10.0.0-3240.x86_64.zip
Agent-amzn1-10.0.0-3240.x86_64.zip
Agent-amzn2-10.0.0-3240.x86_64.zip
Agent-CloudLinux_6-10.0.0-3240.i386.zip
Agent-CloudLinux_6-10.0.0-3240.x86_64.zip
Agent-CloudLinux_7-10.0.0-3240.x86_64.zip
Agent-Debian_7-10.0.0-3240.x86_64.zip
Agent-Debian_8-10.0.0-3240.x86_64.zip
Agent-Debian_9-10.0.0-3240.x86_64.zip

To install Deep Security Agent on CentOS, use the Red Hat installer
and package.

For Amazon EC2, use either the Red Hat Enterprise 6 Agent package
(32-bit or 64-bit) or the SUSE 11 Agent package (64-bit), depending on
the base operating system used by your Amazon AMI.

For a list of specific Linux kernels supported for Amazon, see
http://files.trendmicro.com/documentation/guides/deep_security/Kernel%20Support/10.0/Deep_Security_10_kernels_EN.html

10. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only.
After the first year, you must renew Maintenance on an annual basis at
Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

11. About Trend Micro
========================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Trend Micro, Deep Security, "deep security solutions", and the t-ball
logo are trademarks of Trend Micro Incorporated and are registered in
some jurisdictions. All other marks are the trademarks or registered
trademarks of their respective companies.

12. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:

www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed by selecting the
"About" option in the application user interface.

13. Third-Party Software
========================================================================
Deep Security employs the use of 3rd party binary distributions. The
binary distributions are subject to the licenses available in the
following directory:

[Install Directory]/licenses

Where 3rd party licenses require open access to their source code,
Trend Micro will provide the necessary materials upon written request.

========================================================================
(C) 2019 Trend Micro Inc. All rights reserved. Published in Canada.