<> Trend Micro Incorporated January 31, 2019 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Readme for Trend Micro (TM) Deep Security Agent 10.0 Update 17 for Unix ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. GM release documentation: https://help.deepsecurity.trendmicro.com/10/0/Welcome.html Patch/SP release documentation: https://help.deepsecurity.trendmicro.com/software.html TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Deep Security Agent Platforms: Solaris 11 / 11.2 / 11.3 (64-bit, SPARC / x86) Solaris 10 Update 11 (64-bit, SPARC / x86) Date: January 31, 2019 Release: 10.0 Update 17 Build Version: 10.0.0-3240 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This product is subject to the terms detailed in the license agreement and copied to the install directory. For more information about the Trend Micro suite of Deep Security products, visit our website at: http://www.trendmicro.com/us/enterprise/cloud-solutions/deep-security/index.html Download the latest version of this readme from the Deep Security page at the Trend Micro Download Center website: https://help.deepsecurity.trendmicro.com/software.html Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome. Contents =================================================================== 1. About Deep Security 10.0 Update 17 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 6. Known Incompatibilities 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement 13. Third-Party Software =================================================================== 1. About Deep Security 10.0 Update 17 ======================================================================== 1.1 Overview of This Release ===================================================================== Deep Security Agent 10.0 Update 17 contains no feature enhancements but includes some bug fixes. For a list of the major changes in Deep Security 10.0, please see the "What's New" section of the Deep Security Help Center. 1.2 Who Should Install This Release ===================================================================== You should install Deep Security Agent 10.0 if you are currently running Deep Security Agent 8.0, or 9.0. 2. What's New ======================================================================== 2.1 Enhancements ===================================================================== There are no enhancements in this release. 2.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: [DSSEG-3336] The Network Filter Driver lacked error handling for some cases when memory allocation failed. This sometimes resulted in a system crash, especially when the system memory was exhausted. Solution 1: This issue has been resolved in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-3178/SEG-32973/01021938] Deep Security Agent on Solaris had a memory leak when writing the debug log. Solution 2: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-3109] A native firewall could not be turned on/off automatically after the Deep Security Firewall module was enabled or its configuration was changed. Solution 3: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-3039/SEG-39670] An Integrity Monitoring rule could be triggered unintentionally when the prefix of its base directory path matched that of another rule. For example, if you had rules that monitored "c:\lab\" and "c:\lab1\", and added a file "c:\lab1\sample.txt", both rules would be triggered. Solution 4: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [DSSEG-2898/01190643/SEG-35814] Solaris InfiniBand interfaces are not supported in any version of Deep Security Agent. If such interfaces are present, Deep Security Manager displays a 'Get Interface Failed' status for the relevant computer(s), and also generates many unwanted firewall events from these interfaces. Solution 5: Deep Security Agent ignores all the traffic on InifiniBand interfaces, and also these interfaces do not appear in Deep Security Manager > agent's Computer details > Interfaces page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3. Documentation Set ======================================================================== - All Deep Security 10.0 documentation, including installation instructions and other content formerly delivered via PDF, is available from the Deep Security Help Center: https://help.deepsecurity.trendmicro.com/10/0/Welcome.html - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ======================================================================== For a complete list of the System requirements, please refer to the Deep Security Help Center: https://help.deepsecurity.trendmicro.com/10/0/Get-Started/Install/system-requirements.html 5. Installation ======================================================================== Refer to the "Get Started" section of the Deep Security Help Center: https://help.deepsecurity.trendmicro.com/10/0/upgrade-deep-security.html - Only use the Agent installer package (the .msi or the .rpm file) on its own to install the Deep Security Agent. If you extract the full Agent zip package and then run the Agent installer from the same folder that holds the other zipped Agent components, all the Security Modules will be installed. That may cause a conflict with the Anti-Malware or Firewall driver if you use applications other than Deep Security to provide those functionalities. - Before installing this Patch, please ensure that the Deep Security Manager has already been upgraded to 10.0 Update 17. - All Deep Security Relay-Enabled Agents must first be upgraded to Deep Security Agent 10.0 Update 17 before upgrading other Agents. 6. Known Incompatibilities ======================================================================== There are no known incompatibilities for this release. 7. Known Issues ======================================================================== - Since Solaris 10u5 is not supported in this version, those users using Solaris 10u5 and u6 are affected and cannot upgrade to DSA 10.0 directly. We recommend either staying at DSA 9.0, or upgrading to Solaris 10u7+ by following Oracle's instructions, e.g. "Oracle Solaris 10 8/11 Installation Guide: Live Upgrade and Upgrade Planning". (DS-2723) - In this release, Linux and Solaris Agents do not drop ARP packets anymore. All ARP packets dropped by previous Agents will only be logged in DSA 10.0 or newer versions. The behaviour of the Windows Agent remains unchanged.(DS-5354) - When uninstalling Deep Security Agent on Solaris 11, warning message:"the following unexpected or editable files and directories were salvaged while executing the requested package operation; they have been moved to the displayed location in the image" will be shown. This is because the Solaris Image Packaging System (IPS) has removed the capability of packages to remove plugins and temporary files. Users can safely ignore the message and remove these files manually. (DS-2094) 7.1 Known Issues from Deep Security Agent 9.0 SP1 Patch 5 ======================================================================== - Deep Packet Inspection (DPI) is not supported over SSL connections when using IPv6. - If you want to use Point To Point Tunneling Protocol (PPTP) with Deep Security, you must modify some of the advanced settings. To apply the recommended modifications: a. Log in to Deep Security Manager and go to "System Settings > Network Engine". b. Check the "Advanced Settings" check box and set the following: - Filter IPV4 Tunnels: Disable detection of IPV4 Tunnels - Maximum Tunnel Depth: 4 - Action if Maximum Tunnel Depth Exceeded: Bypass c. Click "Save". [Deep Security 8.0 Tier 2-00200] - SYN Flood protection is only supported on versions 7.5 or earlier of the Windows Agents and on versions 7.5 or earlier of the Virtual Appliance. It is not supported on versions 7.5 SP1 or later of the Windows Agents or versions 7.5 SP1 or later of the Virtual Appliance. It is not supported on any versions of the Linux or Solaris Agents. - When installing pfil on Solaris, you may encounter the following error message during pkgadd: ## Executing postinstall script. grep: can't open "/etc/opt/pfil/iu.ap" This error message can be safely ignored. - If you start the Agent from a terminal session, the Agent may stop when the terminal window is closed. You can prevent this by performing the following steps: a. Open a command prompt and run the following command: vi /etc/init.d/ds_agent b. Change lines from ds_agent –w /var/opt/ds_agent to nohup ds_agent –w /var/opt/ds_agent > /dev/null 2>&1 c. Save the file and restart the Agent. - If you have installed a version of libiconv from "www.sunfreeware.com" that is newer than version 1.8, you may see the following warning when installing the Solaris Agent: WARNING: The package "libiconv from http://www.sunfreeware.com/" is a prerequisite package and should be installed. This message can be safely ignored. - If you have installed a version of libgcc from "www.sunfreeware.com" that is newer than version 3.4.6, you may see the following warning when installing the Solaris Agent: WARNING: The package "libgcc from http://www.sunfreeware.com/" is a prerequisite package and should be installed. This message can be safely ignored. - During upgrade, you may see an Agent upgrade failed error and the following system event: Processing package instance from pkgadd: ERROR: unable to make temporary directory This is caused by the pkgadd in Solaris creating an environment variable for the ds_agent process. To complete the upgrade, restart the ds_agent process on the Solaris machine and repeat the upgrade. The previous version of the ds_agent is still running and protecting the Solaris machine. - When the network engine is working in TAP mode and the in-guest agent is offline, the Deep Security Virtual Appliance status will be "Stand By". When this occurs, the Deep Security Virtual Appliance is actually online and DPI/FW events will still be logged when rules are triggered. [10948] - Log Inspection event logs are limited to 6000 characters. - In Solaris SPARC (9/10/11), when the Communication Direction between Deep Security Manager to Agent or Appliance is set to "Agent/Appliance Initiated", the Agent goes offline and into maintenance mode. When this happens, the Agent does not go back online even after users restart the Appliance or the Agent. To resolve this issue, users would need to either re-install the Agent or use bidirectional communication, which is always inherited when the Agent is added in the Deep Security Manager console. This issue will be fixed in the next patch release. 8. Release History ======================================================================== - Deep Security Agent 10.0, Build 10.0.0-2094, March 6, 2017 - Deep Security Agent 10.0 Update 1, Build 10.0.0-2240, May 3, 2017 - Deep Security Agent 10.0 Update 2, Build 10.0.0-2358, July 13, 2017 - Deep Security Agent 10.0 Update 3, Build 10.0.0-2413, August 10, 2017 - Deep Security Agent 10.0 Update 4, Build 10.0.0-2470, September 11, 2017 - Deep Security Agent 10.0 Update 5, Build 10.0.0-2548, October 16, 2017 - Deep Security Agent 10.0 Update 6, Build 10.0.0-2613, December 12, 2017 - Deep Security Agent 10.0 Update 7, Build 10.0.0-2687, January 24, 2018 - Deep Security Agent 10.0 Update 8, Build 10.0.0-2736, February 28, 2018 - Deep Security Agent 10.0 Update 9, Build 10.0.0-2775, April 4, 2018 - Deep Security Agent 10.0 Update 10, Build 10.0.0-2797, April 24, 2018 - Deep Security Agent 10.0 Update 11, Build 10.0.0-2856, May 22, 2018 - Deep Security Agent 10.0 Update 12, Build 10.0.0-2888, June 12, 2018 - Deep Security Agent 10.0 Update 13, Build 10.0.0-2981, August 13, 2018 - Deep Security Agent 10.0 Update 14, Build 10.0.0-3059, September 27, 2018 - Deep Security Agent 10.0 Update 15, Build 10.0.0-3107, October 30, 2018 - Deep Security Agent 10.0 Update 16, Build 10.0.0-3186, December 17, 2018 - Deep Security Agent 10.0 Update 17, Build 10.0.0-3240, January 31, 2019 8.1 Deep Security Agent 10.0.0-2240 ======================================================================== 8.1.1 Resolved Known Issues ===================================================================== This release resolves the following issue(s): Issue 1: [DSSEG-943/SEG-4381] After the Deep Security Agent had been running on a web server for a long time, it would interrupt HTTPS traffic. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-910/SEG-2762] The Deep Security Agent would crash when the integrity monitoring module scanned a file path containing a "%" character. Solution 2: The issue is fixed in this release ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-891] The Deep Security Agent created temporary files in the temp directory but these files were not removed after use, which resulted in inodes filling up. Solution 3: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-855] A custom Log Inspection rule would not work and produced the error: "OSSEC id does not map to DSM id". Solution 4: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [DSSEG-839] On a 'Large Send Offload' (LSO) network, a number of firewall events with a reason of "Invalid IP Datagram Length" sometimes occurred. This happened because the firewall driver incorrectly calculated the IP datagram length in an LSO environment. Solution 5: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.1.2 Enhancements ===================================================================== There are no enhancements in this release. 8.2 Deep Security Agent 10.0.0-2358 ======================================================================== 8.2.1 Enhancements ===================================================================== There are no enhancements in this release. 8.2.2 Resolved Known Issues ===================================================================== This release resolves the following issue(s): Issue 1: [DSSEG-1109] Deep Security file reputation querying to Smart Protection Server was not counted correctly in the Summary of Smart Protection Server. For example, the "Active Users for File Reputation" widget displayed an incorrect number of users. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-1090] In some circumstances, the kernel module for a Linux version of the Deep Security Agent could be replaced by an earlier version of the kernel support package. Solution 2: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-1081] When connections were reset, they were not removed in the kernel module until the connection timed out. This resulted in the maximum number of TCP connections being reached. Solution 3: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-1041/SEG-370] The Deep Security firewall/intrusion prevention driver sometimes did not bind to a specific Network Interface Controller (NIC). When the Deep Security Agent took it as StandbyAdapter, it would cause a Deep Security Agent exception during initialization and fail to generate the firewall/intrusion prevention driver configuration file. Solution 4: The issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [DSSEG-1040/SBM 352560] When the Intrusion Prevention rule "1000128 - HTTP Protocol Decoding" is enabled and "Specify raw characters that are not allowed in the URI:" is used, when the Deep Security Agent detects an illegal character, the Deep Security Manager will show the illegal character in an Intrusion Prevention event. However, the Deep Security Agent sometimes did not report the correct location of the illegal character, so it was not displayed correctly in the Deep Security Manager. Solution 5: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 6: [DSSEG-1012] If the Deep Security Agent failed to download the Kernel Support Package, the agent would not retry the download. Solution 6: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 7: [DSSEG-1138/SEG-5409/00388364] Due to a race condition, a kernel panic would occur when dsa_filter was handling duplicate UDP packets. Solution 7: The issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.3 Deep Security Agent 10.0.0-2413 ======================================================================== 8.3.1 Enhancements ===================================================================== There are no enhancements in this release. 8.3.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: [DSSEG-1242/internal case] A race condition caused an error displayed on a blue screen when the intrusion prevention module handled duplicate UDP packets. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-1198/351879] The Deep Security Agent did not securely generate the SSL Master Secret when the "Client key exchange" and "Certificate verify" handshake records were both in one packet. Solution 2: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.4 Deep Security Agent 10.0.0-2470 ======================================================================== 8.4.1 Enhancements ===================================================================== There are no enhancements in this release. 8.4.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: [DSSEG-1367/SF00472245/SEG-10539] When log inspection was enabled, the Deep Security Agent sometimes used more than 50% (and up to 98%) of the CPU for long periods of time. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-1364/493112] In previous releases, the "Smart Protection Server Disconnected for Web Reputation" alert could only be cleared manually by a user. Solution 2: In this release, Deep Security Manager will clear the alert automatically when it receives a "Smart Protection Server Connected for Web Reputation" event. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-1203/SEG-8048/SF00453864] Smart scan pattern updates sometimes failed. Solution 3: This issue is fixed in this release. The iAU module has been upgraded to 1062. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.5 Deep Security Agent 10.0.0-2548 ======================================================================== 8.5.1 Enhancements ===================================================================== There are no enhancements in this release. 8.5.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: [DSSEG-1370] The Deep Security Agent sometimes failed to complete an SSL handshake when the agent was using a proxy to connect to Deep Security Manager. Solution 1: The issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-1247] A race condition when the ds_agent kernel module was handling TCP connections caused an error displayed on a blue screen. Solution 2: The issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.6 Deep Security Agent 10.0.0-2613 ======================================================================== 8.6.1 Enhancements ===================================================================== There are no enhancements in this release. 8.6.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: [DSSEG-1744] Sometimes, after a Deep Security Agent upgrade, anti- malware protection would be absent or out of date. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-1714] An EICAR sample was not detected and blocked in a NIC teaming environment. Solution 2: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-1602/00598122/SEG-15655] When an Oracle WebLogic Server created cached directories ending with .jar or .war, the application control feature would enter a loop when reading those directories, resulting in high CPU usage. Solution 3: The issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-1493] When the Deep Security Agent lightweight filter driver (tbimdsa.sys) was installed in a Windows environment where NIC teaming was configured as LACP mode, the "Microsoft Network Adapter Multiplexor Driver" device would enter a "Network cable unplugged" state. Solution 4: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [DSSEG-1148/SEG-1206] The default ICRC log level for a Deep Security Agent on Linux is "debug", which causes the ds_am-icrc.log file to grow quickly. Solution 5: Change the default ICRC log level to "warn". For a fresh agent installation, the default ICRC log level will be set to "warn" by default. To update an existing agent on Linux: 1. Upgrade the Deep Security Manager to the build that contains the fix. 8.6. On the Deep Security Manager computer, open a windows command prompt, go to the Deep Security Manager root folder, and run this command: dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value true 3. Upgrade the Deep Security Agent to the build that contains the fix. 4. After the agents are upgraded and the default ICRC log level has been corrected, we recommend that you turn off the key. To do this, go to the Deep Security Manager computer, open a windows command prompt, go to the Deep Security Manager root folder, and run this command: dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value false ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.7 Deep Security Agent 10.0.0-2687 ======================================================================== 8.7.1 Enhancements ===================================================================== The following enhancement is included in this release: Enhancement 1: [DSSEG-1754/SEG-17076] The Advanced Threat Scan Engine used in Deep Security Agent has been updated to version 10.200.1006. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.7.2 Resolved Known Issues ===================================================================== This release resolves the following issue: Issue 1: [DSSEG-1885/SEG-11876] When SSL inspection was enabled on an SSL server, clients sometimes failed to establish an SSL session and a "Record Layer Message (not ready)" intrusion prevention event would occur. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.8 Deep Security Agent 10.0.0-2736 ======================================================================== 8.8.1 Enhancements ===================================================================== There are no enhancements in this release. 8.8.2 Resolved Known Issues ===================================================================== There are no issues fixed in this release. 8.9 Deep Security Agent 10.0.0-2775 ======================================================================== 8.9.1 Enhancements ===================================================================== There are no enhancements in this release. 8.9.2 Resolved Known Issues ===================================================================== This release resolves the following issue: Issue 1: [DSSEG-2076/SEG-23938/SEG-23938] SSL/TLS compression was not disabled while initiating SSL context for DSA listening port (4118). Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.10 Deep Security Agent 10.0.0-2797 ======================================================================== 8.10.1 Enhancements ===================================================================== This release includes the following enhancement: Enhancement 1: [DSSEG-2148] With this release of Deep Security Agent, all pattern updates from the Deep Security Relay or Trend Micro Update Server will require the use of the TLS 1.2 protocol. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.10.2 Resolved Known Issues ===================================================================== This release resolves the following issue: Issue 1: [DSSEG-2173/SEG-23387] The Deep Security Agent query script, dsa_query.cmd or dsa_query.sh, would sometimes fail. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.11 Deep Security Agent 10.0.0-2856 ======================================================================== 8.11.1 Enhancements ===================================================================== This release contains the following enhancement: Enhancement 1: [DSSEG-2161] With this release of Deep Security Agent, all software updates from the Deep Security Relay or Deep Security Manager will require the use of the TLS 1.2 protocol. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.11.2 Resolved Known Issues ===================================================================== This release does not include any resolved issues. 8.12 Deep Security Agent 10.0.0-2888 ======================================================================== 8.12.1 Enhancements ===================================================================== There are no enhancements in this release. 8.12.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: [DSSEG-2333/SEG-26904] When a security event syslog was forwarded directly from the Deep Security Agent to a syslog server, it contained an incorrect IPv6 address in the dvchost field. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-2248/00822625/SEG-27661] When a user configured a firewall bypass rule with a port range containing port 65535, the Deep Security Agent configuration would fail to compile. Solution 2: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.13 Deep Security Agent 10.0.0-2981 ======================================================================== 8.13.1 Enhancements ===================================================================== There are no enhancements included in this release. 8.13.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: [DSSEG-2502/SEG-30378] Deep Security Agent crashed when it received a SIGPIPE signal in a Solaris environment. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-2094/SEG-21449] When the Deep Security Agent was deployed on a computer running Solaris, memory usage increased, sometimes using more than 8 GB of RAM. Solution 2: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.14 Deep Security Agent 10.0.0-3059 ======================================================================== 8.14.1 Enhancements ===================================================================== The following enhancement(s) are included in this release: Enhancement 1: [DSSEG-2489] Anti-Malware Scan Engine can be displayed and has the option to enable or disable an Anti-Malware update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.14.2 Resolved Known Issues ===================================================================== This release resolves the following issue(s): Issue 1: [DSSEG-2736/SEG-34502] When a TCP connection was established with the same tuples as a previously tracked one, the network engine could set the connection track to an incorrect status. This sometimes happened on a busy server where rapid connections reused a recycled connection. The network engine treated it as an "Out of connection" error and dropped the packet. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-2640/SEG-27659/SF00754510] After successfully installing Deep Security Agent on a Solaris 10 Sparc machine, the ds_agent process was not running. Solution 2: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-2329/SEG-29194/SF00866327] Some of the files installed by Deep Security Agent had incorrect permissions. Solution 3: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-2313/SEG-26394/815500] When both Application Control and real-time Anti- Malware scanning were enabled and either one became disabled, a system crash would sometimes occur. This could occur when explicitly disabling either feature or when: - stopping the Deep Security Agent service, - upgrading the Deep Security Agent, or - restarting a Deep Security Agent computer. Solution 4: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.15 Deep Security Agent 10.0.0-3107 ======================================================================== 8.15.1 Enhancements ===================================================================== The following enhancement is included in this release: Enhancement 1: [DSSEG-2257] The Anti-Malware engine offline error is not reported when the computer is preparing to shutdown. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 2: [DSSEG-2308] The version of OpenSSL used by the Deep Security Agent and Deep Security Relay has been updated to openssl-1.0.2o. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.15.2 Resolved Known Issues ===================================================================== This release resolves the following issue: Issue 1: [DSSEG-2857/SEG-33085] An unactivated Deep Security Agent could reach 100% CPU usage when handling a long HTTPS request. Solution 1: The issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.16 Deep Security Agent 10.0.0-3186 ======================================================================== 8.16.1 Enhancements ===================================================================== The following enhancements are included in this release: Enhancement 1: [DSSEG-3022] The version of zlib used by the Deep Security Agent has been updated to zlib-1.2.11. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 2: [DSSEG-2970] The version of curl used by the Deep Security Agent has been updated to curl-7.61.1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 3: [DSSEG-2966] Deep Security Agent has been updated to support PFS cipher suites. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 4: [DSSEG-3025/SEG-37605] This release updates the Anti-Malware scan engine to latest version. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.16.2 Resolved Known Issues ===================================================================== This release resolves the following issue: Issue 1: [DSSEG-2878/00461478/573707/00386295/SEG-5825/00487753] Users who are not using a local Smart Protection Server (SPS) reported many Dropped Retransmit "rxjammed" events in the Firewall when using Web Reputation Service, which caused the Firewall logs to fill up. Solution 1: Dropped Retransmit "rxjammed" events are no longer recorded in the Firewall log. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 9. Files Included in This Release ======================================================================== This release is a complete installation. Use one of the following files depending on the Solaris platform: Agent-Solaris_5.11-10.0.0-3240.x86_64.zip Agent-Solaris_5.11-10.0.0-3240.sparc.zip Agent-Solaris_5.10_U7-10.0.0-3240.x86_64.zip Agent-Solaris_5.10_U7-10.0.0-3240.sparc.zip 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Trend Micro, Deep Security, "deep security solutions", and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: www.trendmicro.com/us/about-us/legal-policies/license-agreements Third-party licensing agreements can be viewed by selecting the "About" option in the application user interface. 13. Third-Party Software ======================================================================== Deep Security employs the use of 3rd party binary distributions. The binary distributions are subject to the licenses available in the following directory: [Install Directory]/licenses Where 3rd party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request. ======================================================================== (C) 2019 Trend Micro Inc. All rights reserved. Published in Canada.