Trend Micro Incorporated                                   June 25, 2019
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Readme for Trend Micro (TM) Deep Security Manager 10.0 Update 20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates.

GM release documentation: http://docs.trendmicro.com
Patch/SP release documentation: http://www.trendmicro.com/download

TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Platforms:
   Windows Server 2016 (64-bit),
   Windows Server 2012 (64-bit),
   Windows Server 2012 R2 (64-bit),
   Windows Server 2008 (64-bit),
   Windows Server 2008 R2 (64-bit),
   Red Hat Enterprise Linux 5 (64-bit),
   Red Hat Enterprise Linux 6 (64-bit),
   Red Hat Enterprise Linux 7 (64-bit)

Not Supported:
   Red Hat Enterprise Linux (RHEL) Xen Hypervisor
   Windows Server 2012 Core
   Windows Server 2008 Core

Deep Security Manager is no longer supported on 32-bit versions of the Windows platform.

Date: June 25, 2019
Release: 10.0 Update 20
Build Version: 10.0.3445
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This product is subject to the terms detailed in the license agreement and copied to the install directory.

For more information about the Trend Micro suite of Deep Security products, visit our website at:
http://www.trendmicro.com/us/enterprise/cloud-solutions/deep-security/index.html

Download the latest version of this readme from the Deep Security page at the Trend Micro Download Center website:
http://downloadcenter.trendmicro.com/

Trend Micro is always seeking to improve its documentation.
If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome.

Contents
===================================================================
1. About Deep Security 10.0 Update 20
   1.1 Overview of This Release
   1.2 Who Should Install This Release
2. What's New
   2.1 Enhancements
   2.2 Resolved Known Issues
   2.3 Security Updates
3. Documentation Set
4. System Requirements
5. Installation
6. Known Incompatibilities
7. Known Issues
8. Release History
9. Files Included in This Release
10. Contact Information
11. About Trend Micro
12. License Agreement
13. Third-Party Software
===================================================================

1. About Deep Security 10.0 Update 20
========================================================================

1.1 Overview of This Release
=====================================================================
Deep Security Manager 10.0 Update 20 contains bug fixes and security updates.

For a list of the major changes in Deep Security 10.0, please see the "What's New" section of the Installation Guides, which are available for download from the Trend Micro Download Center.

1.2 Who Should Install This Release
=====================================================================
You should install this release if you are currently running Deep Security 9.5 SP1 Patch 3, 9.6 Service Pack 1, or 9.6 Service Pack 1 Patch 1. All new Deep Security users should install Deep Security 10.0.

2. What's New
========================================================================

2.1 Enhancements
=====================================================================
There are no enhancements included in this release.

2.2 Resolved Known Issues
=====================================================================
This release resolves the following issue(s):

Issue 1: [DSSEG-3745/SEG-48936/SF01775616]
The Event API did not handle NULL severity values gracefully.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-3694]
On the primary tenant, unsigned and self-signed software packages can no longer be imported to Deep Security Manager.

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-3692]
Deep Security Rule Updates must now be signed before being imported or applied.

Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2.3 Security Updates
=====================================================================
Security updates are included in this release. For more information about how we protect against vulnerabilities, visit https://success.trendmicro.com/vulnerability-response.

3. Documentation Set
========================================================================
- All Deep Security 10.0 documentation, including installation instructions and other content formerly delivered via PDF, is available from the Deep Security Help Center:
  https://help.deepsecurity.trendmicro.com/10/0/Welcome.html

- Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com

4. System Requirements
========================================================================
For a complete list of the system requirements, please refer to the Deep Security Help Center:
https://help.deepsecurity.trendmicro.com/10/0/Get-Started/Install/system-requirements.html

5. Installation
========================================================================
Refer to the "Get Started" section of the Deep Security Help Center:
https://help.deepsecurity.trendmicro.com/10/0/upgrade-deep-security.html

6. Known Incompatibilities
========================================================================
- Deep Security Manager 10.0 does not support version 9.0 and earlier versions of Deep Security Virtual Appliance and Deep Security Agent (except for some Solaris, AIX and HPUX Agents). For a full list of compatible Agents please see
  https://help.deepsecurity.trendmicro.com/Manage-Components/Software-Updates/compatibility.html

- In this version of Deep Security, vCloud must be added only to the tenants. Adding vCloud to the primary tenant is not supported.

7. Known Issues
========================================================================
- Deep Security 9.6 SP1 and earlier versions use RSA-1024 and SHA-1 for secure communication between the Deep Security Manager and Deep Security Agents. By default, Deep Security 10.0 uses RSA-2048 and SHA-256, which are more secure algorithms. A new installation of Deep Security 10.0 will use RSA-2048 and SHA-256, but if you upgrade from an earlier version to Deep Security 10.0, it will continue to use the earlier cryptographic algorithms unless you update the algorithm separately. Instructions can be found in the Help Centre article "Upgrade the Deep Security cryptographic algorithm" at help.deepsecurity.trendmicro.com/Get-Started/Install/upgrade-crypto-algorithm.html (DS-6993)

- When using a Policy with SAP turned on, if the SAP license has expired, although it may appear on the DSM UI as though the SAP Policy is still On, the policy sent to Agents will have SAP off. SAP will not run on an Agent with an expired license. (DS-4534)

- In environments with Integrity Monitoring enabled and a large number of computers, the database may experience high CPU.
This applies to Microsoft SQL Server databases. To resolve the issue, maintenance on the 'entitys' table should be done using the 'EXEC sp_updatestats' command. (DS-10471)

- Application control has been designed for relatively-stable server environments as a security control, where unplanned changes on a computer are an indicator of compromise. Deep Security limits the amount of unreviewed software change that it tracks for each computer. If the number of unreviewed software changes for a computer exceeds 50,000 items, the computer will report an "Unresolved software change limit reached" error on that host, a system event will be logged, an alert will be raised, and the unreviewed software changes for that computer will be removed from the Deep Security Manager database. The application control tab on the computer details page will also show a banner describing the problem. The application control policy in effect on the computer will continue to be applied, and any existing rules will continue to be enforced.

  Limitations:
  1. If unreviewed software change exceeding the limit for an individual computer already exists in the database when it is upgraded, the error will not be raised until the next unreviewed software change is reported by the computer.
  2. If an administrator reverts a software change review decision and in so doing causes the unreviewed software change to exceed the limit for an individual computer, the error will not be raised until the next unreviewed software change is reported by the computer.
  (DS-10473)

- Users should take care when manually adding a zip file to Administration > Software > Local. If the original filename is not maintained (as on the Download Center) it will not deploy correctly to Agents. For example, downloading a second copy of an Agent file can result in a file named something like this: Agent-amzn1-10.0.2-7690.i386 (1).zip.
(DS-11078)

- When using Anti-Malware with containers there is currently no ability to specify paths within containers when defining policy for inclusion / exclusion lists. (DS-11086)

- In Application Control, the drift number and button for "ALLOW ALL" or "BLOCK ALL" on the Action tab won't reflect the last executed state after the user switches to any other page. The information displayed on the Action tab page will depend on how many unrecognized software items are being allowed or blocked by the current action, and if the number of items is very large then the page will take longer to be updated. (DS-10294)

- If the Anti-Malware feature is enabled on a Windows 2016 DSA, Windows Defender will be disabled (default is up-and-running) and a popup warning for system reboot will be shown. After reboot of the system, administrators should be aware that the reboot-required warning event won't be dismissed on the DSM. (DS-10369)

- In the Application Control > Actions tab page, it takes longer than expected to display the first drift card, and if there is a huge amount of drift, the performance is affected. (DS-9808)

- Anti-malware endpoint correlation on Windows does not generate hash values. When anti-malware File Hash Calculation is enabled, the following cases may still not generate related hash values:
  1. Multiple Spyware detections
  2. Trojan detections with multiple files cleaned
  3. Endpoint Correlation detection
  4. Windows XP SP2 doesn't natively support SHA256 and no SHA256 value will be generated
  5. Anti-exploit may calculate the hash values of victim file instead of malware file
  Note: the Anti-exploit detection often is a victim file instead of a malware file; the hash values of the victim must be carefully used.
  (DS-9573)

- Upgrading to DS 10.0 with an Oracle 12c Database is not supported in a multi-tenant deployment.
(DS-8139)

- When using Application Control, if the existing rule set is large, it can take several minutes to enforce the action on the Agent protecting the computer. (DS-9464)

- After changing from Combined mode to Agentless mode, Computers will not be displayed in the TMCM console. The display in DSM console will not be affected.
  Workaround:
  1. Manually uninstall the DSA from the computer, do not deactivate the Agent.
  OR
  2. Install the DSA back onto this computer. Then Activate this Agent back to combined mode.
  (DS-5977)

- With the SAP module enabled and Netweaver running on the same host, when a realtime scan detects a malicious file it will be reported twice. To prevent this, users should add the Netweaver GUI process path e.g. "C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe" to their AM realtime scan exclusion list. (DS-6615)

- Using Windows 10 Edge as your browser for DSM may show certificate errors. Microsoft Edge is a web browser included in Windows 10/2016 operating systems. Unlike IE, the Edge browser does not have a configuration option for Trusted Sites which allows the user to add websites (e.g. the DSM URL). However, administrators can still add the DSM URL to the list of trusted sites from the Control Panel (Control Panel > Network and Internet > Internet Options > select Security). (DS-4618)

- When a user disables the scanner functionality and then enables the Relay after assigning a Scanner "On" policy to this Relay-enabled Agent, then deactivating and reactivating the Agent, on the Computer details page there will be a delay in display showing scanner icon and information first, then change to relay icon and information. (DS-4988)

- When using Anti-Malware, there may be two pass/deny access/log events because of new Defer Scan enhancement.
This occurs because there is a file write event which is deferred but then scanned immediately, and there is also another file open/create event of the same file simultaneously (for example, copying a file using explorer will generate a file write event and then a file open/create event). (DS-2517)

- When using Connected Threat Defense and submitting a quarantined file containing multiple infected files to Deep Discovery Analyzer, DDAn may not be able to unpack it for submission/analysis. When this occurs, the DSM does not allow the file to be submitted and the Submit to DDAn button will be disabled when the user selects quarantined spyware with multiple detections. (DS-2515)

- When using Deep Security Scanner (SAP for Windows) to successfully scan and block MIME types for graphics files such as jpg, bmp and gif on the SAP WinGUI, administrators should enable the configuration parameter SCANBESTEFFORT. (DS-2499)

- When using Trend Micro Control Manager (TMCM) with a locally installed Smart Protection Server (SPS) for the Connected Threat Defense feature, Deep Security (DS) will not only take the action according to Deep Security Web Reputation features (Security Level/score) but also take action according to Control Manager/Smart Protection Server (Log or Block for a URL). However, DS blocking page and events still show the risk information instead of specific action/reason or category information for this. For example:
  1. Some pages rated/shown with Suspicious Risk Level are blocked when user setting of Web Reputation Security Level is Medium, to block Dangerous and Highly Suspicious pages
  2. Some Web Reputation events are log events instead of block events and the user can't tell which is log event in DSM Web Reputation event pages. To clearly know this information, the user needs to login to TMCM to view the web reputation events with action/reason information.
  (DS-3947)

- When using Deep Security Scanner (SAP for Windows), if a file extension does not match the MIME Type set of the file itself, the scan for virus will take the Rule Violation error will not appear shortly. (DS-2484)

- When a virtual machine is added through vCloud connector, after vMotion from unprotected ESXi host to a protected ESXi host, the virtual machine will not go from Agent-only protection to combined mode. (DS-557)

- When using Deep Security Scanner (SAP for Windows) and the block MIME Type is set to application/zip on the SAP WinGUI, the scan will proceed but will not block the .zip file immediately and will take some time to return the result if the .zip file is large. (DS-2470)

- When exporting a security policy to an XML file, the inherited settings are not contained in the XML file. For example, if a user exports a policy whose AM configurations are inherited, and consequently those AM configurations are not in the XML file, when the user imports the XML file policy into another DSM the imported policy's AM configurations will be empty because it is an orphan. The workaround is to assign a parent to the imported policy. (DS-1912)

- In Deep Security 10, the DSM can correctly show IM event details according to the logged on user's timezone setting. However, the 'Installed Date' is not handled in this fix due to OS limitations. For example in SunOS, this value is not available. In MS Windows, the system only provides date part (YYYY-MM-DD), which means that no 'HH:mm:ss'
  The possible values of 'Installed Date' are:
  1. Jan 02 1970 12:00 (hard-coded, in SunOS)
  2. YYYY-MM-DD (only the date part, in MS Windows)
  3. YYYY-MM-DD hh:mm:ss (the endpoint's local time without timezone)
  (DS-1915)

- When using Deep Security Scanner (SAP for Windows), if the file to be scanned exceeds the DSM scan size limitation then instead of an "Extracted file size exceeded the limit" error, a "Skip file error" result will be returned.
(DS-2002)

- When using Deep Security Scanner (SAP for Windows), there is a difference in compressed files scan behavior between .zip and .sar file types. If the file to be scanned is a .sar file and the scanned file, when extracted, is larger than the Scan Limit configured on the DSM, then the scan will be skipped. For .zip files, the scan will be completed as long as the scanned file, when extracted, is smaller than the Extract size configured through the SAP profile. (DS-1126)

- When using TMCM 6.0 SP3, a user-defined Suspicious Object doesn't have a filterCRC value and therefore Deep Security cannot detect/block this type of file. (DS-768)

- Online Help Search does not support special characters such as "!", "#" and "%". (DS-6453)

- When using the "Discover Computers" feature to discover computers by IP Range, some false positives may be detected. This issue is caused by a defect in the bundled JRE 1.8u102 and will be fixed in the next Deep Security release. (DS-10953)

- When using Connected Threat Defense, sometimes, the "Submission Status" field of Identified files may become "Report Unavailable" because DS can't get the analysis result from Deep Discovery Analyzer for the submission over one day. DS will no longer wait for the result of this submission and the user will have to choose the identified file (event) and button to submit the file to Deep Discovery Analyzer manually. Then, DSM will submit the file, reset the submission date, and wait/retrieve for DDAn analysis result again. (DS-98)

- Support for the Docker overlay network driver will be introduced post-10.0. (DS-11301)

- If SOAP API is being used in previous versions of Deep Security, WSDL file on the client side needs to be updated after upgrading the DSM to version 10.0 for proper exception handling. The WSDL file is available from the Administration > System Settings > Advanced Page > SOAP Web Service API section.
(11323)

- A "Refresh" notification appears on the UI after undoing an action in Application Control. (DS-10151)

- When copying smart-folders, sub-folders are not copied. Duplicating a multi-level smart-folder only duplicates the original folder and not the children under it. (DS-10664)

- When a user is logged in with view-only rights for computers, they are able to see the gear icon for modifying a smart folder, but clicking the icon does not work. The gear should be hidden if the user doesn't have permission to use it. (DS-10357)

- Using a Safari browser, the filter search option in Application Control under the ACTIONS tab only works one time, then you need to flip to another tab and back to do another search. On Chrome, Firefox and IE11 it works every time. (DS-7844)

- An unexpected "Applying Application Control Ruleset Failed Verification" warning may be raised after the DSA is upgraded. (DS-10477)

- When viewing Application Control drift events using the time-based histogram, there is a known boundary issue where, when selecting the detailed histogram view, some events from the higher-level view are not shown in the expanded view below. The workaround for this issue is to adjust the time filter at the top of the histogram expanded view, and the drift events will then be displayed correctly. (DS-11376)

- Oracle Container Database (CDB) is not supported with Deep Security Manager multi-tenancy. (DS-7660)

- When a virtual machine is added through vCloud connector, after vMotion from a protected ESXi host to an unprotected ESXi host, the virtual machine will not go from combined mode to Agent-only protection. (DS-558)

- When the DSM re-registers to TMCM, all DSM logs (AM, Firewall, file hash detection log) index will be reset and the logs are re-sent to TMCM which might cause log duplicates in TMCM. (DS-4117)

- In an Agentless environment with a GuestVM Windows 2008 R2 64-bit protected by a DSVA, the SAP Configuration page will display "Platform not supported."
(DS-4987)

- If DSVA is configured in Agent-Initiated mode, the user cannot successfully activate the guest agents via DSM's web UI. A "Protocol error" is shown in the web UI. The best practice for deploying DSVA is bi-directional mode. (DS-9924)

- In Application Control, when a user selects to undo a Block or Allow decision, the event "Decision Log Undo" should be generated but instead an event: "Apply ruleset failed" is incorrectly generated. (DS-11478)

- Due to the lack of support of a cipher suite, Microsoft Windows XP and 2003 are no longer able to download the Deep Security Agent using a standard deployment script. As a workaround, put the agent package on a web server and modify the deployment script to download it from the new location rather than from the Deep Security Manager. (DSSEG-1237)

7.1 Known Issues from Deep Security 9.6 SP1 Patch 1 U6
========================================================================
- Some platforms (e.g. Linux) do not distinguish network interfaces at the packet level, when they are connected to the same network. When enabling "Policy -> Interface Types -> Rules can apply to specific interfaces" on these platforms, firewall policies that attempt to distinguish between network interfaces connected to the same network will result in only one of the policies being applied. [29543]

- The Trusted Platform Module (TPM) monitoring does not work on vSphere 6 environment. When enabled, the event "The vCenter sent empty or unreliable TPM information that has been ignored. This is only an issue if the problem persists" will appear. In rare circumstances, the value may also be unreliable on vSphere 5.5 environment. VMware is already investigating this issue. [29268/27166]

- When doing vMotion of many simultaneous VMs, some of the VMs may appear as Anti-Malware Engine Offline after it moves to the new host. This occurred because the DSM checked the status of the VMs during heartbeat before the vMotion is finished.
Doing another check status or waiting for the next heartbeat will fix the status. [28825]

- If vMotion occurs while Anti-Malware scan is happening, there is a possibility that the scan will not continue after moving from one Agentless protected host to another. If you see an event saying "Manual Malware Scan Failure" or if you see a "Manual Malware Scan Started" without a corresponding "Manual Malware Scan Completed", then this means that the scan has stopped and did not finish. [28059]

- During the upgrade process after removing the Filter Driver, Deep Security Manager will display "Intrusion Prevention Engine Offline and Firewall Engine Offline" regardless of policy until the Deep Security Virtual Appliance is upgraded. [28992]

- If the Deep Security Relay is down during deployment of Deep Security Virtual Appliance, it will fail to upgrade and will cause the vShield Endpoint to not register. Even after the Deep Security Virtual Appliance upgrade becomes successful, the vShield Endpoint will remain in a Not Registered state. Reactivating the Deep Security Virtual Appliance will resolve this issue. [28712]

- If agentless Anti-Malware real-time protection is turned off, the notifier will not get any status updates from the appliance. It will then turn off Antivirus protection in the Windows Action Center. [29230/29574]

- When you deactivate the Deep Security Virtual Appliance or agentless protection, the notifier will not be able to get any status from the Deep Security Virtual Appliance. The notifier knows that Anti-Malware is not working so it will turn it off in the Windows Action Center. It does not know the status of the firewall so it will leave the firewall status in the Windows Action center in its last known state. [29230/29574]

- The CPU Usage (Agent only) setting under Manual and Scheduled Scan Configuration in the Deep Security Manager console is not working on SUSE 10 SP3 and SP4. [20717]

- Agentless protection is not supported in ESX 5.1 with NSX.
ESX 5.5, VCenter 5.5 and NSX Manager 6.0.5 are the minimum requirements for agentless protection. [22062]

- Excluding a folder in Anti-Malware agentless protection would also exclude folders that start with the same folder name. For example, excluding c:\temp also excludes c:\temp1 and c:\temp2 from Anti-Malware scanning. [22037]

- Anti-Malware, Web Reputation, Integrity Monitoring, and Log Inspection should not be enabled on the policy that is assigned to the Deep Security Virtual Appliance itself. These features are not supported when applied to the Deep Security Virtual Appliance and may produce error events. [21250]

- It can take up to 30 minutes before the appliance is ready for deployment through NSX Manager after importing the Deep Security Virtual Appliance package to the DSM. Deploying the appliance before the package is in place at \temp would result in failure. [23150]

- The Deep Security Manager will display the platform of CentOS machines as Red Hat. This is because the agent package used in CentOS and Red Hat are the same and labeled as Red Hat agent package. [21674/25156]

- Location awareness will not work on pure IPv6 environment. [12776]

- Infected file will still appear in Quarantined Files list even if the Anti-Malware Event says Quarantine Failed. [21620]

- In the computer updates page, DSM will show Smart Scan Agent Pattern, Spyware Active Monitoring Pattern and Virus pattern in Deep Security Agent for Linux regardless of the scan mode. [21829]

- Software update using IPv6 is currently not supported by Trend Micro download center. [25937]

- After Deep Security Agent upgrade, the event "Abnormal Restart Detected" may appear. The upgrade is not affected by this event and may be safely ignored. Do Clear Warnings and Errors and perform a Check Status to reflect the actual status of the agent. [26619]

- The Out of Sync relays hyperlink displays the correct count but clicking the link will display both out of date computers and relays.
[23418/21042]

- Deep Security Manager does not support installation paths that contain special characters (non-alphabet and non-numeric characters). The same restriction also applies to the database name and/or database account used by Deep Security Manager. [16708]

- When a user runs Agent-initiated recommendation scan using the "dsa_control -m RecommendationScan:true" command, no system event related to recommendation scan is recorded.

- In Multi-Tenant installations, the Primary tenant Deep Security Manager may cause "Reconnaissance Detected: Network or Port Scan" alerts on Tenants' Deep Security Managers. To avoid these alerts, Tenants can manually add the Primary Tenant's Deep Security Manager IP address to the "Ignore Reconnaissance" IP list. (Policies > Common Objects > Lists > IP Lists). [17175]

- In rare cases, adding a vCloud or AWS Cloud Account in Deep Security Manager can result in the creation of two identical Cloud Accounts. If this occurs, either one of the two accounts can be safely removed. [17280/17051]

- In a cloud provider environment if the "Enable regular synchronization with Cloud Provider" option is disabled, changing the Deep Security Agent hostname will disrupt the communication between Deep Security Manager and Deep Security Agent. Trend Micro strongly recommends keeping the "Enable regular synchronization with Cloud Provider" option ON. [15608]

- If the Manager node(s) and the Database are installed on machines with synchronized clocks but configured for different time-zones, an error indicating that the clocks are not synchronized will be triggered incorrectly. [17100]

- On Windows 2008 and Server 2012 systems, after installing the Deep Security Manager with a co-located Relay, the Deep Security Notifier icon does not automatically appear in the Windows notification area. However, the Deep Security Notifier will still function. Users need to re-launch the Deep Security Notifier from the "Start" menu or restart the system.
[17533]

- When using Deep Security in iCRC mode, a DNS server must be available. If a DNS server is unavailable the Anti-Malware feature of the Deep Security Virtual Appliance may not function correctly. [Deep Security 8.0-01169]

- Deep Security Manager does not support License updates or connecting to the Trend Micro Certified Safe Software Service using a SOCKS5 proxy. To use these two features, use an HTTP proxy. [Deep Security 8.0-1024]

- In certain cases, when attempting to use the dsm_s stop command on Linux to stop the Deep Security Manager service, you may get the following message: "Timeout. Daemon did not shutdown yet." Dsm_s is based on install4j whose timeout value is 15 seconds, which cannot be changed. The Deep Security Manager may require longer than this to shut down. To ensure the service has been shut down run the "ps -ef | grep DSMService" command before using the dsm_s stop command. [Deep Security 8.0-00095]

- Air-gapped Relays will still try to contact an Update Server to check for Updates. To avoid update failure alerts, set the Relay to use itself as an update source:
  1. In the Relay's "Details" window, go to "System > System Settings > Updates".
  2. In the "Relays" area, select "Other Update Source:" and add "https://localhost:4122".
  3. Click "Save".
  [Deep Security 8.0-01124]

- If an ESXi with an installed vShield Endpoint driver is removed from its vCenter, Deep Security Manager cannot detect the installed driver if the ESXi is later re-added to the vf. This will cause any newly Deep Security Virtual Appliance-protected virtual machines to not have Anti-Malware enabled. The workaround is to uninstall and reinstall the driver through the VSM. [Deep Security 8.0-01036]

- Intrusion Prevention is not supported over SSL connections when using IPv6.

- The Anti-Malware scan inclusion/exclusion directory settings are sensitive to forward slash "/" and backslash "\".
For use with Windows operating systems the inclusion/exclusion paths must use the backslash "\". [7.5 SP1-00231]

- When creating custom Integrity Monitoring Rules using the "RegistryKeySet" tag, the attribute values must be in uppercase letters. For example, . Using lowercase may result in an "Integrity Monitoring Rule Compile Issue" error. [7.5 SP1-00171]

- Malware scans of network shared folders are only supported using real-time scan. Manual scans or scheduled scans will not work. [7.5-00012]

- If a CD or a mounted ISO file contains malware and the Anti-Malware configuration is set to "Delete" upon detection, Deep Security Manager will still report that the malware was "deleted" even if it was unable to do so. [7.5-00010]

- Deep Security Manager cannot display an incorrect filename event in the Anti-Malware Event if the malware was found in the "Recycle Bin". [7.5-00023]

- During an upgrade, the Deep Security Manager service may not be able to install properly on some platforms if the "Services" screen is open. To work around this, make sure the "Services" screen is closed prior to installation or upgrade of Deep Security Manager.

- If you receive a "java.lang.OutOfMemoryError" error during the installation of Deep Security Manager, please refer to the Deep Security Help Center: https://help.deepsecurity.trendmicro.com/ for instructions on how to configure the maximum memory usage for the installer.

- During an upgrade, if you receive a message stating that the Deep Security Manager cannot start the service, restarting Deep Security Manager usually fixes the problem. In rare cases, you may have to run the installer again in Upgrade/Repair mode after restarting.

- If Windows Firewall is enabled on Deep Security Manager, it may interfere with port scans causing false port scan results. Windows Firewall may proxy ports 21, 389, 1002, and 1720 resulting in these ports always appearing open regardless of any filter placed on the computer.
- By default Exchange 2000 and later servers will dynamically assign a non-privileged port (1024-65535) for communications between the client and the server for the System Attendant, Information Store, and Name Service Provider Interface (NSPI) services. If you will be using the Microsoft Exchange Server profile with an Exchange 2000 or later server then you should configure these services to use static ports as described in the article "Exchange 2000 and Exchange 2003 static port mappings" (http://support.microsoft.com/?kbid=270836). Once static ports have been configured you should extend the appropriate Exchange Server port list to include the ports that have been assigned to these services. You may also want to set the "No RFR Service" registry setting to "1" to prevent the Exchange server from referring clients to the domain controller for address book information. See the article "How Outlook 2000 Accesses Active Directory" (http://support.microsoft.com/?kbid=302914) for more information. Alternatively, it is possible to configure Exchange RPC to run over HTTPS if you are using Outlook 2003 on Windows XP Service Pack 1 or later with Exchange Server 2003. In this case only port 443 needs to be added to the Exchange port list.

- The "Recommendation" Alert may remain raised on some computers even after all recommended Intrusion Prevention, Integrity and Log Inspection Rules appear to have been applied. This can occur because even though an "Application Type" may be recommended for a computer, the "Application Type" will not be displayed in the "Show Recommended" view if no Intrusion Prevention Rules associated with Application Type are currently recommended. To resolve the situation, use the "Show All" view of the Intrusion Prevention Rules screen and assign all recommended "Application Types" (even if no associated Rules are currently recommended).
Alternatively, you can just dismiss the alert after verifying that you have assigned all recommended rules to the computer. [8345]

- When an Appliance-protected VM is migrated from one Appliance-protected ESXi to another, and if that virtual machine currently has warnings or errors associated with it (for example "Reconnaissance Detected"), those errors may incorrectly get cleared during the migration. [10602]

- Log Inspection Events have a size limitation of 6000 characters.

8. Release History
========================================================================

See the following website for more information about updates to this product:

http://www.trendmicro.com/download

- Deep Security Manager 10.0, Build 10.0.3259, March 6, 2017
- Deep Security Manager 10.0 Update 1, Build 10.0.3271, May 03, 2017
- Deep Security Manager 10.0 Update 2, Build 10.0.3297, July 13, 2017
- Deep Security Manager 10.0 Update 3, Build 10.0.3305, August 10, 2017
- Deep Security Manager 10.0 Update 4, Build 10.0.3315, September 11, 2017
- Deep Security Manager 10.0 Update 5, Build 10.0.3325, October 16, 2017
- Deep Security Manager 10.0 Update 6, Build 10.0.3346, December 12, 2017
- Deep Security Manager 10.0 Update 7, Build 10.0.3359, January 24, 2018
- Deep Security Manager 10.0 Update 8, Build 10.0.3367, February 28, 2018
- Deep Security Manager 10.0 Update 9, Build 10.0.3371, April 4, 2018
- Deep Security Manager 10.0 Update 10, Build 10.0.3374, April 24, 2018
- Deep Security Manager 10.0 Update 11, Build 10.0.3376, May 22, 2018
- Deep Security Manager 10.0 Update 12, Build 10.0.3382, June 12, 2018
- Deep Security Manager 10.0 Update 13, Build 10.0.3392, August 13, 2018
- Deep Security Manager 10.0 Update 14, Build 10.0.3402, September 27, 2018
- Deep Security Manager 10.0 Update 15, Build 10.0.3410, October 30, 2018
- Deep Security Manager 10.0 Update 16, Build 10.0.3419, December 17, 2018
- Deep Security Manager 10.0 Update 17, Build 10.0.3428, January 31, 2019
- Deep Security Manager 10.0 Update 18, Build 10.0.3432, March 28, 2019
- Deep Security Manager 10.0 Update 19, Build 10.0.3437, May 24, 2019
- Deep Security Manager 10.0 Update 20, Build 10.0.3445, June 25, 2019

8.1 Deep Security Manager 10.0.3271
========================================================================

8.1.1 Enhancements
=====================================================================
The following enhancement is included in this release:

Enhancement 1: [DSSEG-948/SF00314256] The Deep Security Azure cloud connector did not support Azure CSP subscriptions.

Solution 1: The Deep Security Azure cloud connector now supports Azure CSP subscriptions.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.1.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-956] The default settings for Document Exploit Protection in Deep Security Manager 10.0 may be too aggressive for tenants, resulting in some false-positive detection. Additionally, if a customer had configured Malware Scan Configuration settings in 9.6 SP1, it could result in Document Exploit Protection being disabled in Deep Security 10.0.

Solution 1: Change the Document Exploit Protection settings back to Trend Micro recommended settings.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-954] In an NSX 6.3 environment, shutting down the Deep Security Virtual Appliance would cause the protected VM to lose network connectivity.

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DSSEG-927] When Deep Security Manager was using Microsoft SQL Server 2008 R2 or earlier, the Deep Security Manager console was unable to show an instance list under a vCloud connector that contained more than 500 activated instances.

Solution 3: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 4: [DSSEG-926] When a user manually added a computer to the Deep Security Manager console and also imported the vCenter containing the computer, Deep Security Manager would raise a duplicate UUID alert.

Solution 4: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 5: [DSSEG-887] When Deep Security Manager was synced with an Active Directory using the "Assign the same Deep Security Role to all Directory Group members" option, a newly-added user could not log in to Deep Security Manager until the Active Directory was re-synced.

Solution 5: This issue was caused by a null value exception. Deep Security Manager now handles the null value exception.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 6: [DSSEG-867] When users navigated to the Actions tab in Deep Security Manager but didn't have the appropriate permissions for the page, they would be logged out.

Solution 6: When users without appropriate permissions navigate to the Actions tab, they will not be logged out and they will see an error message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 7: [DSSEG-866] When viewing application control drift events using the time-based histogram, there is a known boundary issue where, when selecting the detailed histogram view, some events from the higher-level view are not shown in the expanded view below.

Solution 7: The logic used to calculate the x-axis in histograms has been improved.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 8: [DSSEG-850] With application control, when sending a new policy with an updated ruleset, although the policy was received by the agent, the enforcement did not occur as expected. This triggered an error that was reported by the agent.

Solution 8: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 9: [DSSEG-849] A large number of application control shared rule sets would accumulate on the Deep Security Manager file system. This was because whenever there was a modification to the ruleset, it was not deleted.

Solution 9: A housekeeping mechanism is now in place so that application control removes the temporary ruleset files from Deep Security Manager's file system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 10: [DSSEG-777] With application control, when a user performs the undo of a Block or Allow decision, the event "Decision Log Undo" should be generated. Instead, an "Apply ruleset failed" event was incorrectly generated. This was caused by conflicting event IDs.

Solution 10: The Decision Log Undo ID has been changed to prevent this conflict.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.2 Deep Security Manager 10.0.3297
========================================================================

8.2.1 Enhancements
=====================================================================
The following enhancements are included in this release:

Enhancement 1: [DSSEG-1089/SEG-875] In some environments, the Anti-Malware Solution Platform (AMSP) could cause high disk input/output when the common scan cache was on. By default, the AMSP common scan cache is on. To disable it, open a Windows command prompt on the Deep Security Manager computer, go to the Deep Security Manager root folder, and run this command:

    dsm_c -action changesetting -name settings.configuration.disableAmspCommonScanCache -value true
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 2: [DSSEG-838] In previous releases, the "Smart Protection Server Disconnected" alert could only be cleared manually by a user. In this release, Deep Security Manager will clear the alert automatically when it receives a "Smart Protection Server Connected" event.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 3: [DSSEG-1127/DSSEG-1126,1127/SEG-8328] By default, Deep Security Agents send ping requests to a domain controller (DC) every 10 seconds for the Contexts function. This release enables users to configure agents to not send ping requests to domain controllers if the Contexts function is not used.

To configure the agents not to send ping requests to domain controllers:
  1. In Deep Security Manager, go to "Administration > System Settings > Contexts".
  2. Set "Test Interval" to "Never" and click "Save".

Note: This enhancement requires that you upgrade your Deep Security Agents to 10.0 Update 2 to make the setting take effect.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 4: This release adds the ability to specify a timeout value for scheduled malware scans. You can see the new option by going to Administration > Scheduled Tasks and adding or editing a "Scan Computers for Malware" scheduled task. The timeout option is available for daily, weekly, monthly, and once-only scans. It is not available for hourly scans. When a scheduled malware scan is running and the timeout limit has been reached, any tasks that are currently running or pending will be cancelled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 5: [DSSEG-1058] Deep Security Manager now provides a single deployment script for both Windows and Linux and adds the ability to allow customers to select a proxy setting and add it to the deployment script.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.2.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-1168] In previous releases, the Deep Security Manager installer only accepted a colon as the separator in the host name on the Database screen. In a silent install, it was "DatabaseScreen.Hostname=Hostname\IP:Port number".
Solution 1: In this release, you can use either a colon or comma as the separator.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-1144] When adding an Azure connector via proxy with authentication required, the authentication would fail.

Solution 2: Based on a suggestion from Oracle, basic authentication is now reactivated while using the Active Directory Authentication Library (ADAL).

Note 2: http://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DSSEG-1129/SEG-3089] Image files with a .png extension in the Deep Security Manager diagnostic package could not be opened.

Solution 3: File extension of the images was corrected to be .svg, to match the image format.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 4: [DSSEG-1078] There was a cross-site scripting risk in the Deep Security Manager general script page common.js.

Solution 4: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 5: [DSSEG-1061] When the Use a Schedule for Upgrade option is selected, the upgrade time is based on the time zone of the Deep Security Manager computer. However, the schedule displayed under Policies > Common Objects > Other > Schedules reflected the time zone where the user is located, which could be different from the time zone of the Deep Security Manager. This difference sometimes caused confusion.

Solution 5: The schedules displayed on the "Schedules" page are not associated with any time zone. But when a schedule is applied to a rule or task, it will be applied using the Deep Security Manager or Agent's local time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 6: [DSSEG-1054] The database migration task in the Deep Security 10 GM build did not set migration status correctly and dropped temporary tables when there was no data that needed to be migrated.
This prevented the Deep Security Manager from receiving any agent events.

Solution 6: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 7: [DSSEG-1053] Some users experienced issues with scheduled tasks, where the task was being performed on the wrong day. This was because the task day was scheduled in the timezone of the Deep Security Manager or tenant, which could be significantly different from the user timezone. While the time of day would be correctly converted between the user timezone and the scheduling timezone, in some cases if the conversion caused the day or date to change (for example, Wednesday May 10th 10pm UTC is equivalent to a Thursday May 11th 2am UTC+4), the task would be scheduled 24 hours too early or too late.

Solution 7: With this release of Deep Security, all new scheduled tasks are created with a specified associated timezone. This can be edited in the scheduled task properties. Any existing tasks will have schedules displayed in the timezone in which they are currently scheduled (tenant or Deep Security Manager).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 8: [DSSEG-1005] During an agent-initiated reactivation of the Deep Security Agent, Deep Security Manager sent a ResetAgent command to the agent before sending the activation command. If something went wrong during the reactivation process, such as a network disconnection, it could result in the agent being reset but not activated.

Solution 8: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 9: [DSSEG-994] When a load balancer was configured with a heartbeat hostname but the load balancer manager hostname was empty, it would cause the agent to receive an empty manager hostname and package downloads would fail.

Solution 9: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 10: [DSSEG-990] When using Deep Security Manager with Oracle Database 12c version 12.1.0.2.0 or higher, a maintenance job would not complete successfully. In the Deep Security Manager console, under Administration > System Information > System Details > Optimizations > Maintenance Job Schedule, the "Last run" time would display "Never".

Solution 10: This release upgrades the JDBC driver to version 12.1.0.2, which enhances database performance and resolves this issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 11: [DSSEG-951] When Deep Security Manager performed a Synchronize VMware vCenter job and the job could not be completed, it occupied Deep Security Manager resources and other jobs could not be processed.

Solution 11: This hot fix adds a timeout value to the Synchronize VMware vCenter job. If the job cannot be finished within two minutes, Deep Security Manager will terminate the job so that other jobs will not be affected.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 12: [DSSEG-886] When Deep Security updated its components, some computers appeared out of date on the Security Updates page. The out-of-date warning message could persist for more than an hour.

Solution 12: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 13: [DSSEG-1123] When changing a user password, the password was available as plain text in the body of the response.

Solution 13: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.3 Deep Security Manager 10.0.3305
========================================================================

8.3.1 Enhancements
=====================================================================
There are no enhancements in this release.
8.3.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-1275/SEG-11140/SEG-11414/SEG-11262/SEG-11244/SEG-11337] Deleting a vMotion job completion state record while synchronizing with vCenter sometimes caused Deep Security Manager to become locked.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-1256/SEG-11143] The numbers displayed in the Reconnaissance section of an Attack Report were incorrect.

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DSSEG-1251] In the 7-day view, the dashboard widget graphs were being populated based on the timezone of the Deep Security Manager or tenant. If users were in a different timezone, the display could be confusing.

Solution 3: Graphs are now populated based on the user's timezone. If the user's timezone in "User Properties" is changed, the graphs will populate based on the new timezone when the page is reloaded.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 4: [DSSEG-1227] In environments where Debian is installed without lsb_release, such as in Azure, a Deep Security deployment script would produce an "Unsupported platform is detected" error.

Solution 4: The deployment script now allows Debian with or without lsb_release installed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 5: [DSSEG-1176, DSSEG-1171] Cross-site scripting vulnerabilities were identified.

Solution 5: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.4 Deep Security Manager 10.0.3315
========================================================================

8.4.1 Enhancements
=====================================================================
The following enhancements are included in this release:

Enhancement 1: [DSSEG-1309] Deep Security Manager can now be installed on Microsoft Windows Server 2016.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 2: [DSSEG-1308/00408162/00416136/00278947/00418482/00439807] Deep Security Manager now supports Microsoft SQL Server 2016.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.4.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-1392] The count number for new available software was not correct. When a user clicked the software link, there were no updates listed.

Solution 1: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-1346] In past releases, the default value for the "Administration > System Settings > Storage > Automatically delete System Events older than:" setting was "Never". This sometimes resulted in the Deep Security Manager SystemEvents table becoming too large because system events were not pruned unless customers changed the default value.

Solution 2: Starting with this release, the default setting for "Automatically delete System Events older than" has been changed to "53 Weeks (534240)".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DSSEG-1297/SEG-11373] SQL Server Express is supported as of Deep Security 10.0 Update 2, but the warning messages when using SQL Server Express were not updated in Japanese and Simplified Chinese.

Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 4: [DSSEG-1295/SEG-9782] File lists would not accept multiple files.
Solution 4: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 5: [DSSEG-1290] When Deep Security Manager was installed in silent mode, Install4j would put all user-supplied installation parameters into install.varfile. Some of those parameters contained sensitive information such as the license code and password.

Solution 5: The installer will no longer write those sensitive parameters into the file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 6: [DSSEG-1287] The SystemEventX.arc and AgentEventX.arc files were not removed after insertion of records. By default, the undeleted *.arc files were reparsed for insertion of records every 10 minutes as part of the Disk Monitoring job and during the Deep Security Manager service restart.

Solution 6: The files are now removed after records are inserted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 7: [DSSEG-1156/SEG-3648] There was a performance issue in Deep Security Manager when loading the Computers page and Computer Status widget with a large VMware environment deployment.

Solution 7: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 8: [DSSEG-986] When a scheduled malware scan was running, the URL of a Deep Security Virtual Appliance displayed in the Malware Scan Status widget was incorrect.

Solution 8: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.5 Deep Security Manager 10.0.3325
========================================================================

8.5.1 Enhancements
=====================================================================
The following enhancement is included in this release:

Enhancement 1: [DSSEG-1404/TT 353335] A new policy setting (Computer/Policy editor > Settings > General > Suppress all pop-up notifications on host) enables you to hide all pop-up windows on hosts.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.5.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-1478/SEG-13376] NSX synchronization was not able to run within the scheduled vCenter synchronization task execution in a multiple vCenter environment.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-1472/SEG-10032] Deep Security Manager encountered high memory usage when performing recommendation scans for computers that install a large amount of software.

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DSSEG-1429/SEG-13059] The SOAP API eventretrieve() method did not sort the result set. As a result, these problems sometimes occurred: the incorrect last event ID was shown, events were missing, or there were duplicate events.

Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 4: [DSSEG-1420/SEG-13068] Deep Security Manager opened an unneeded connection to vCenter during the post-activation process for a virtual appliance, which sometimes caused an activation failure due to a connection timeout.

Solution 4: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 5: [DSSEG-1355/SEG-12776] If Deep Security Manager could not get all running processes from the agent, a NullPointerException would appear in the log file.

Solution 5: An error is now logged instead of a NullPointerException.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 6: [DSSEG-1262] When Deep Security Manager was running in multi-tenant mode, the settings that control SIEM configuration for tenants did not work as expected.
Solution 6: There is a new option under "System Settings > Tenants" that allows the primary tenant (t0) to hide or show SNS settings for tenants. If the t0 clears the checkboxes for the SIEM, SNS, and SNMP options on the "Tenants" tab, tenants will not see the "Administration > System Settings > Event Forwarding" tab.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.6 Deep Security Manager 10.0.3346
========================================================================

8.6.1 Enhancements
=====================================================================
The following enhancements are included in this release:

Enhancement 1: [DSSEG-1592] Recommendation scans now run significantly faster than in the previous release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 2: [DSSEG-1289] Improved the performance when using IE/Edge when displaying pages that load spinners (animation graphics).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.6.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-1765] In a multi-tenant Deep Security environment, if the primary tenant (t0) configured proxy settings, other tenants (tn) would see a false critical alert: "Invalid System Settings Detected".

Solution 1: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-1753/SEG-18290/SF00643059] A user upgraded Deep Security Manager from version 9.6 to 10.0, created a policy, and then exported the policy. When the policy was imported into a fresh installation of Deep Security Manager 10.0, some system settings were not maintained.

Solution 2: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DSSEG-1678] When a multi-tenant environment had a single database and its state was "Not Accepting Tenants", tenants could still be created using the REST API.

Solution 3: The API will not be able to create tenants if the database is not accepting new tenants.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 4: [DSSEG-1674/528084/SEG-12190] When Deep Security Manager sent a policy update to agents, it used to acquire a RULESET_UPDATE_LOCK to protect application control data from concurrent updates. When sending a policy to a large number of agents, this would slow down the agent heartbeat jobs, eventually causing the agent heartbeats to be rejected.

Solution 4: The critical section protected by RULESET_UPDATE_LOCK has been reduced. The RULESET_UPDATE_LOCK is now acquired for application control ruleset hash computation during the policy updates. This reduces contention for the lock while sending the policy to the agents and speeds up the heartbeat jobs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 5: [DSSEG-1651/SEG-16202] These issues occurred in a multi-tenant environment:
- An administrator whose "Multi-Tenant Administration" permission was set to "View-only" was unable to save any of the settings under "Administration > Systems Settings" in Deep Security Manager.
- When a primary tenant (t0) specified that the SIEM, SNMP, and SNS settings should be hidden from tenants, tenants (tn) would experience display issues with the "Administration > System Settings" tabs, where the tabs would move.

Solution 5: These issues are fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 6: [DSSEG-1650] The default value for the SNS setting was changed to false, which caused backward compatibility issues.

Solution 6: The default value for the SNS setting has been changed back to true.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 7: [DSSEG-1646] In Event-Based Tasks, adding a "*" character to the beginning of the regular expression to match ALL parent folders was not working as expected.

Solution 7: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 8: [DSSEG-1611/SEG-15581/SF00592192] Duplicate computers sometimes appeared under the same Active Directory. The duplicate computers could not be removed after an Active Directory synchronization.

Solution 8: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 9: [DSSEG-1587/SF00503030/SEG-10934] Customers using Deep Security 9.6 or earlier would see an alert indicating that a newer Deep Security Manager version is available, even after upgrading to the latest long-term support version (Deep Security 10.0).

Solution 9: The check for Deep Security Manager updates now separates long-term support versions (like Deep Security 10.0) from feature releases (like Deep Security 10.1). Long-term support deployments only check for newer long-term support releases, while feature release deployments will check for any newer releases.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 10: [DSSEG-1580] The versions of Java JRE and Apache Tomcat used in Deep Security Manager have been upgraded to Java 8 u152 and Apache Tomcat 8.5.23, respectively.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 11: [DSSEG-1555/SEG-12190] The heartbeat processing thread and job creation thread would sometimes block each other when one of them got stuck while acquiring a tenant host usage lock. This caused the Deep Security Manager system to become unresponsive.

Solution 11: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 12: [DSSEG-1549] If a scheduled malware scan was triggered while a manual malware scan was already running, a manager job was created for the scheduled scan, which was not necessary.

Solution 12: If a scheduled malware scan is triggered while a manual malware scan is already running, the scheduled malware scan will be skipped.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 13: [DSSEG-1534/SEG-12549/SEG-9431] Under certain circumstances, a vMotion procedure would open a new database transaction inside a vCenter synchronization transaction, which caused Deep Security Manager to become unresponsive and unable to create or process any jobs.

Solution 13: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 14: [DSSEG-1516/SEG-7200] When a large number of host groups were added to Deep Security Manager, the loading speed of the Computers page became very slow.

Solution 14: An algorithm has been improved to increase the page loading speed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 15: [DSSEG-1476/SEG-14212] In a multi-tenant environment, if the state of the primary tenant (t0) database was "Not Accepting Tenants" but there were other databases that could accept tenants, the options for the primary database server were still displayed in the tenant creation wizard. If no database was accepting tenants and an administrator attempted to create a new tenant, there was no warning until the tenant creation was being processed.

Solution 15: If the state of the primary tenant (t0) database is "Not Accepting Tenants" but there are other databases that can accept tenants, the options for the primary database server are not displayed in the tenant creation wizard.
If there are no databases accepting new tenants and an administrator tries to create a new tenant, the administrator will see this warning: "No database servers are configured to accept new tenants. Please review your database settings before adding a new tenant" and will not be able to continue with the wizard.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 16: [DSSEG-1148/SEG-1206] The default ICRC log level for a Deep Security Agent on Linux is "debug", which causes the ds_am-icrc.log file to grow quickly.

Solution 16: Change the default ICRC log level to "warn". For a fresh agent installation, the default ICRC log level will be set to "warn" by default.

To update an existing agent on Linux:
  1. Upgrade the Deep Security Manager to the build that contains the fix.
  2. On the Deep Security Manager computer, open a Windows command prompt, go to the Deep Security Manager root folder, and run this command:

         dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value true

  3. Upgrade the Deep Security Agent to the build that contains the fix.
  4. After the agents are upgraded and the default ICRC log level has been corrected, we recommend that you turn off the key. To do this, go to the Deep Security Manager computer, open a Windows command prompt, go to the Deep Security Manager root folder, and run this command:

         dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value false
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.7 Deep Security Manager 10.0.3359
========================================================================

8.7.1 Enhancements
=====================================================================
The following enhancement is included in this release:

Enhancement 1: [DSSEG-1703] Deep Security Manager has been improved to handle RESTful requests more efficiently.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.7.2 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-1911/SEG-21111]
Deep Security Manager did not prevent the creation of a policy that contained certain exceptions, which allowed an incomplete policy to be sent to agents.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-1910]
Deep Security Manager encountered high memory usage when performing recommendation scans for computers that have a large amount of software installed.

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DSSEG-1840/SF00670579/SEG-20155]
When using an Oracle Database with Deep Security Manager, host groups sometimes did not display correctly in the Deep Security Manager console.

Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 4: [DSSEG-1745]
When Deep Security Manager sent Web Reputation events to Trend Micro Control Manager, the time information for the events was incorrect.

Solution 4: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 5: [DSSEG-1591/SEG-7200]
When the "Computers" page in Deep Security Manager contained many host groups, the computer editor (displayed when you double-click a host) would load very slowly.

Solution 5: The computer editor now loads more quickly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.8 Deep Security Manager 10.0.3367
========================================================================

8.8.1 Enhancements
=====================================================================

There is one enhancement in this release:

Enhancement 1: [DSSEG-1981]
This release adds support for Amazon Linux 2.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.8.2 Resolved Known Issues
=====================================================================

This release resolves the following issue(s):

Issue 1: [DSSEG-1941/SEG-21111]
When a database error was encountered while upgrading the schema for a T0 (primary tenant) database, the installer would continue the installation process. This issue could cause the software and database to have different schema versions.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-1938]
When multi-tenancy was not enabled, users who were assigned the "Full Access" role would see some screens related to multi-tenancy.

Solution 2: This issue is fixed in this release. Screens related to multi-tenancy are displayed only in a multi-tenant environment.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DSSEG-1913/SEG-20404]
When Deep Security Manager was running in single-tenant mode, the Deep Security Agent did not send events to the syslog server directly.

Solution 3: If you have not encountered this issue in your Deep Security deployment, this release can prevent it. If the issue is occurring in your environment, apply this release and then execute the following command on the Deep Security Manager computer:

    dsm_c -action changesetting -name "settings.configuration.forceT0SyslogSettings" -value true
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 4: [DSSEG-1805]
The event "Intrusion Prevention Rule Compilation Failed" appears when Deep Security Agent tries to compile intrusion prevention rules but fails. In previous releases, the warning message was not dismissed when the agent successfully compiled the rules on a subsequent attempt.

Solution 4: The warning message is now dismissed automatically.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 5: [DSSEG-1705/603349/SEG-16030]
Deleting inactive AWS hosts in an environment with a heavy concurrent cloud sync load caused database transaction deadlocks and prevented other operations from saving changes to the database.

Solution 5: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.9 Deep Security Manager 10.0.3370
========================================================================

8.9.1 Enhancements
=====================================================================

This release includes the following enhancements:

Enhancement 1: [DSSEG-2015/SEG-23240]
The versions of Java JRE used in Deep Security Manager have been upgraded to Java 8 u162.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 2: [DSSEG-1906]
TLS authentication is now enforced when accessing Trend Micro Active Update server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.9.2 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-2096]
When Deep Security was operating in combined mode, recommendation scans did not generate and apply integrity monitoring rules to the virtual appliance.

Solution 1: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-1976]
The folder name in the Windows agent deployment script for Asiainfo Security was not correct.

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DSSEG-1588]
During vMotion, Deep Security Manager would display "Firewall Engine Offline" and "Intrusion Prevention Engine Offline" events, but there would not be a corresponding event when the vMotion was completed and the engine was back online.

Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.10 Deep Security Manager 10.0.3374
========================================================================

8.10.1 Enhancements
=====================================================================

This release contains the following enhancements:

Enhancement 1: [DSSEG-1954]
With the introduction of certificate validation for agent deployment scripts, hash validation is no longer necessary. This release of Deep Security Manager removes the hash validation check for deployment scripts on Linux platforms.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 2: [DSSEG-1761/VRTS-1842]
To enhance security, this release contains upgrades to some third-party libraries used by Deep Security Manager.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.10.2 Resolved Known Issues
=====================================================================

This release resolves the following issue:

Issue 1: [DSSEG-2123/SF00768090/SEG-24724]
Some system events were not registered in the Deep Security Manager system event cache. As a result, if the time period for a summary report included one of those events, the report process could not find the event in the cache, causing a null pointer exception.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.11 Deep Security Manager 10.0.3376
========================================================================

8.11.1 Enhancements
=====================================================================

There are no enhancements in this release.

8.11.2 Resolved Known Issues
=====================================================================

This release resolves the following issue:

Issue 1: [DSSEG-2241/SEG-21481]
When intrusion prevention events were triggered by the intrusion prevention module rather than by an intrusion prevention rule, a syslog sent via Deep Security Manager would display the severity of the event as 10, but a syslog sent directly from the Deep Security Agent would display the severity as 5. In addition, there was a duplicate protocol name in the protocol field of a syslog forwarded via Deep Security Manager.

Solution 1: With this release, the severity will be set consistently to 5 and the protocol name will not be duplicated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.12 Deep Security Manager 10.0.3382
========================================================================

8.12.1 Enhancements
=====================================================================

The following enhancements are included in this release:

Enhancement 1: [DSSEG-2110]
The Deep Security Virtual Appliance computer detail page now displays information about the version of the appliance that is deployed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 2: [DSSEG-2262]
The versions of Java JRE used in Deep Security Manager have been upgraded to Java 8 u172.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.12.2 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-2305/SEG-28922/00845132]
In the Deep Security Manager console, users could not add files in root directory "/" to an exclusion file list.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-2194/SEG-26960]
Content in the DPI_Rule_Recommendation_Report was truncated when its length was longer than the field.

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DSSEG-1889]
When the regular expression used for an event-based task contained a negation (for example, do not activate a computer name that begins with a particular string), the match results were sometimes not as expected.

Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.13 Deep Security Manager 10.0.3392
========================================================================

8.13.1 Enhancements
=====================================================================

The following enhancements are included in this release:

Enhancement 1: [DSSEG-2412]
This release includes enhancements to the anti-evasion settings:

- When changing the anti-evasion settings from Normal to Custom, the configurable values now show the normal setting values by default instead of strict setting values.

- Most of the anti-evasion settings now have "Allow" and "Silent Deny" as available options. These options reduce the number of network events that tenants need to deal with.

- New rules and tenants will not have the "Deny" and "Log Only" options available in the anti-evasion custom logging options. However, these options remain unchanged for tenants who already have them selected.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 2: [DSSEG-1944/SEG-19575]
A new password rule has been added for Deep Security Manager users. Passwords cannot match the username or username spelled backward (not case sensitive).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.13.2 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-2559]
If you misuse firewall rules to block Address Resolution Protocol (ARP) traffic, you see 'Agent offline' issues in Deep Security Manager.
This problem occurs because other necessary traffic (DNS or DHCP) is blocked even though ARP traffic is passed through the network engine.

Solution 1: This issue is resolved by adding hidden 'Force Allow' firewall rules for ARP that allow you to bypass this necessary traffic through a Deep Security Manager control. Additionally, you can control whether to 'force allow' DNS, DHCP, and ICMP packet fragments using the new 'Force Allow DHCP DNS' and 'Force Allow ICMP type3 code4' settings. To find these settings, go to the manager's Policy editor or the Computer editor and click "Settings > Advanced". See the Deep Security Help Center for details. You might consider disabling DNS, DHCP, and ICMP if security concerns outweigh 'Agent offline' messages.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-2521]
This update fixes some security vulnerabilities.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DSSEG-2420/SF00895643/SEG-29809]
In the File Lists, the Deep Security Manager did not accept the Windows file paths that started with a wildcard on the root directory of a file system.

Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 4: [DSSEG-2416/SEG-26103]
In Deep Security Manager, the wrong DNS name was displayed in the computer editor, under "Overview > General > VMware Virtual Machine Summary".

Solution 4: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 5: [DSSEG-2410/SEG-13784]
When Deep Security Manager processes a heartbeat from a Deep Security Agent on a cloud instance, it may need to acquire a lock to perform rehoming and update tenant host usage. In previous releases, the lock acquiring mechanism in Deep Security Manager could cause a bottleneck, resulting in an increased heartbeat rejection rate and negatively affecting Deep Security Manager performance.

Solution 5: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 6: [DSSEG-2384]
Deployment scripts created in Deep Security Manager did not detect the correct version of Amazon Linux, resulting in Deep Security Agent for Amazon Linux being installed instead of Deep Security Agent for Amazon Linux 2.

Solution 6: This release fixes this issue. The deployment script correctly detects Amazon Linux 2.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 7: [DSSEG-2240/SEG-28221]
A syslog server encountered errors when a hostname contained special characters.

Solution 7: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 8: [DSSEG-2214]
The Japanese translation of microseconds was shown as milliseconds.

Solution 8: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.14 Deep Security Manager 10.0.3402
========================================================================

8.14.1 Enhancements
=====================================================================

The following enhancements are included in this release:

Enhancement 1: [DSSEG-2766]
Deep Security Manager now supports Deep Security Agent for Debian 9.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 2: [DSSEG-2742]
This release includes enhancements to the Deep Security Manager diagnostics package:

- The default file size limit has been increased from 200 MB to 2 GB.

- When the verbose option is selected and the diagnostic package generates separate XML files for specific tables, the same information is not repeated in the debug.xml file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 3: [DSSEG-2365]
Anti-Malware Scan Engine can be displayed and has the option to enable or disable an update.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.14.2 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-2702]
The Deep Security Manager did not display system event 934 - Software Update: Anti-Malware Windows Platform Update Successful.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-2670]
Deep Security Manager did not allow activation of Deep Security Agents installed on servers running Solaris 9.

Solution 2: Deep Security Manager has been modified to allow these activations.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DSSEG-2664/SF00646921/SEG-26000]
Microsoft Internet Explorer consumed a large amount of CPU time when accessing the Deep Security Manager console.

Solution 3: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 4: [DSSEG-2645/SEG-13304]
During a graceful Deep Security Manager node shutdown, if the node was used for NSX communication, the next manager node was assigned as an NSX communication node, even if that node was offline.

Solution 4: Deep Security Manager now checks that the next manager node is online before assigning it as an NSX communication node.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 5: [DSSEG-2621/SF01034097/SEG-32852]
The Deep Security Agent's GUID is not included in the Anti-Malware and Web Reputation events when the Deep Security Manager sends those events to the Control Manager. Therefore, the Control Manager can't properly identify the affected hosts when processing the event notifications.

Solution 5: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 6: [DSSEG-2590]
Collecting a Deep Security Manager diagnostic package using the dsm_c command with verbose enabled sometimes failed to include the debug.xml if there were more than 5000 hosts.

Solution 6: This release has resolved this issue; however, for larger numbers of hosts (>10 000), the JVM memory for dsm_c.exe may need to be increased. This is done by creating a file named dsm_c.vmoptions and including, for example, "-Xmx2g" to increase memory to 2GB.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 7: [DSSEG-2529/00829419/SEG-28660]
Event Forwarding via Amazon SNS repeatedly caused send failures because of events with descriptions that were too long.

Solution 7: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.15 Deep Security Manager 10.0.3410
========================================================================

8.15.1 Enhancements
=====================================================================

The following enhancement is included in this release:

Enhancement 1: [DSSEG-2902]
In this release, a time zone improvement has been added to the Deep Security Manager logging.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.15.2 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-2798/01136786/SEG-34881]
"User Session Validation Failed" events occurred unexpectedly when the Deep Security Manager sign-in page was accessed.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-2743]
The previous heartbeat default buffer size (2 KB) was too small in some environments, and could cause the Deep Security Agent to fail to communicate properly with the Deep Security Manager.

Solution 2: The socket buffer size for agent-initiated communication is now configurable and the default value has been increased to 32 KB. To change the value, use this command:

    dsm_c -action changesetting -name settings.configuration.heartbeatSocketBufferSize -value VALUE

... where VALUE is the buffer size, in bytes. For example, to set the buffer to 2 KB, set the VALUE to 2048.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.16 Deep Security Manager 10.0.3419
========================================================================

8.16.1 Enhancements
=====================================================================

The following enhancements are included in this release:

Enhancement 1: [DSSEG-3147]
Added a system setting (settings.configuration.enableStrongCiphers) that allows users to enforce that all communication is conducted using strong ciphers.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 2: [DSSEG-2994/SEG-28030/SF00852527]
In a multi-tenant Deep Security Manager environment, alert emails now include the Tenant Name and Tenant ID.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 3: [DSSEG-2989]
When generating a diagnostics package in Deep Security Manager running on Windows, if you select the "System Information" option, the diagnostics package will now include the manager's msinfo file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 4: [DSSEG-2783]
The versions of Apache Tomcat used in Deep Security Manager have been upgraded to 8.5.34.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.16.2 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-3073/SEG-38539/01258057]
When Event Forwarding was configured to forward logs from the Deep Security Agent directly to the Syslog Server, the Deep Security Manager continued to send the same logs to the Syslog Server.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-2967/SF01312959/SEG-38377]
UNC paths could not be added to Behavior Monitoring Protection Exceptions.

Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.17 Deep Security Manager 10.0.3428
========================================================================

8.17.1 Enhancements
=====================================================================

The following enhancements are included in this release:

Enhancement 1: [DSSEG-3189]
Oracle JRE 8u181 has been replaced with Azul Zulu OpenJDK 8u192.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 2: [DSSEG-3161]
When a protected ESXi is upgraded to a newer version or a new ESXi version is deployed, Deep Security Manager automatically detects the ESXi version and adds it to the Trend Micro Deep Security service in NSX Manager, which helps to ensure the successful deployment of the related version of dsva.ovf.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.17.2 Resolved Known Issues
=====================================================================

This release resolves the following issues:

Issue 1: [DSSEG-3331/01458561/SEG-41188]
When several ESXi hosts were managed by different vCenters, Deep Security Manager sometimes displayed incorrect Deep Security Virtual Appliance information.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-3179]
Sometimes, when a large number of vMotion jobs did not finish normally (such as when the Deep Security Manager service was shut down) new vMotion jobs could not be processed. Other Deep Security Manager jobs were affected as well.

Solution 2: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DSSEG-2363/SEG-28457]
When agent self-protection was enabled in a policy and the policy was duplicated, the duplicate copy of the policy did not include the correct self-protection password.

Solution 3: A duplicate policy now includes the agent self-protection password, if one was specified in the original policy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.18 Deep Security Manager 10.0.3432
========================================================================

8.18.1 Enhancements
=====================================================================

The following enhancement(s) are included in this release:

Enhancement 1: [DSSEG-3415]
Updated JRE to the latest Critical Patch Update (8.0.202).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.18.2 Resolved Known Issues
=====================================================================

This release resolves the following issue(s):

Issue 1: [DSSEG-3539]
When customers with a large number of smart folders, computer groups, and policies clicked "Events & Reports > Generate Reports" and then quickly switched to the "Recurring Reports" tab before the initial page was fully loaded, Deep Security Manager would display a spinner but the "Recurring Reports" tab was not populated unless the customer returned to the "Single Report" tab and allowed enough time for it to fully load.

Solution 1: The Deep Security Manager console has been improved. Instead of presenting "Single Report" and "Recurring Reports" as tabs on the "Generate Reports" page, they are now separate items under "Generate Reports" in the navigation pane, which allows you to access them independently. The solution also makes the initial response of the "Single Report" page visible to the user much earlier and loads the necessary content on demand, significantly reducing latency.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DSSEG-3338]
In Deep Security Manager's Anti-Malware Quarantined File page, search and sort results based on "Computer" column were not correct.

Solution 2: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.19 Deep Security Manager 10.0.3437
========================================================================

8.19.1 Enhancements
=====================================================================

The following enhancement(s) are included in this release:

Enhancement 1: [DSSEG-3779]
Updated JRE to the latest Critical Patch Update (8.0.212).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 2: [DSSEG-3750]
For AWS connector full synchronization, synchronization errors have been isolated from different regions so that the errors will not affect the synchronization of other regions.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 3: [DSSEG-3730]
Added the ability to enable or disable Common Scan Cache for each agent through a CLI command.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.19.2 Resolved Known Issues
=====================================================================

This release resolves the following issue(s):

Issue 1: [DSSEG-3622/SEG-47711/01816620]
The Log Source Identifier field of syslog configurations was changed when upgrading Deep Security Manager.

Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

9. Files Included in This Release
========================================================================

This release is a complete installation. Use one of the following files:

    Manager-Windows-10.0.3445.x64.exe (64-bit)
    Manager-Linux-10.0.3445.x64.sh (64-bit)

10. Contact Information
========================================================================

A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

11. About Trend Micro
========================================================================

Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.

Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro, Deep Security, "deep security solutions", and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.

12. License Agreement
========================================================================

View information about your license agreement with Trend Micro at:

www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide

13. Third-Party Software
========================================================================

Deep Security employs the use of 3rd party binary distributions.
The binary distributions are subject to the licenses available in the following directory:

    [Install Directory]/licenses

Where 3rd party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request.

========================================================================
(C) 2019 Trend Micro Inc. All rights reserved. Published in Canada.