Trend Micro Incorporated                                March 28, 2018

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Readme for Trend Micro (TM) Deep Security Agent 10.3 Critical Patch 3
for Linux

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

IMPORTANT: Deep Security 10.3 is a feature release. Feature releases
are interim releases that provide early access to new features before
the next major release becomes available. The lifecycle and support for
feature releases are different from long-term support releases like
10.0. For details, see:
https://help.deepsecurity.trendmicro.com/10_3/on-premise/feature-packs.html

Deep Security Agent Platforms:

- Red Hat Enterprise Linux 7 (64-bit)
- Red Hat Enterprise Linux 6 (32-bit and 64-bit)
- CentOS 7 (64-bit)
- CentOS 6 (32-bit and 64-bit)
- Oracle Linux 7 (64-bit)*
- Oracle Linux 6 (32-bit and 64-bit)*
- SUSE Enterprise Linux 11 SP1, SP2, SP3, and SP4 (32-bit and 64-bit)
- SUSE Enterprise Linux 12 (64-bit)
- CloudLinux 7.1 (64-bit)
- Debian 8 (64-bit)
- Ubuntu 16.04 LTS (64-bit)
- Amazon AMI Linux 6 (64-bit)

* Oracle Linux is supported on Red Hat kernels and Unbreakable kernels.

Not Supported:

- Red Hat Enterprise Linux 5
- CentOS 5
- Oracle Linux 5
- CloudLinux 6
- Debian 7
- Ubuntu 14.04 LTS

For a list of specific Linux kernels supported for each platform, see:
http://files.trendmicro.com/documentation/guides/deep_security/Kernel%20Support/10.3/Deep_Security_10_3_kernels_EN.html

For a list of supported Deep Security features by software platform,
see:
https://help.deepsecurity.trendmicro.com/10_3/on-premise/supported-features-by-platform.html

March 28, 2018
Release: 10.3 Critical Patch 3
Build Version: 10.3.0-214

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This product is subject to the terms detailed in the license agreement
and copied to the install directory.

For more information about the Trend Micro suite of Deep Security
products, visit our website at:
https://www.trendmicro.com/en_us/business/products/hybrid-cloud.html

Download the latest version of this readme from the Deep Security Help
Center, Software page:
https://help.deepsecurity.trendmicro.com/software-feature-releases.html

Trend Micro is always seeking to improve its documentation. If you have
questions, comments, or suggestions about this or any Trend Micro
documents, please contact us at docs@trendmicro.com. Your feedback is
always welcome.

Contents
===================================================================
1. About Deep Security 10.3
   1.1 Overview of This Release
   1.2 Who Should Install This Release
2. Release History
3. What's New
   3.1 Enhancements
   3.2 Resolved Known Issues
4. Documentation Set
5. System Requirements
6. Known Incompatibilities
7. Known Issues in Deep Security Agent 10.3
8. Files Included in This Release
9. Contact Information
10. About Trend Micro
11. License Agreement
12. Third Party Software
===================================================================

1. About Deep Security 10.3
========================================================================

   1.1 Overview of This Release
   =====================================================================

   Deep Security 10.3 contains no new feature enhancements; however, it
   contains bug fixes.

   For a complete list of the major changes in Deep Security 10.3 from
   previously released versions of Deep Security, see:
   https://help.deepsecurity.trendmicro.com/10_3/on-premise/whats-new.html

   1.2 Who Should Install This Release
   =====================================================================

   Deep Security 10.3 is a feature release. Feature releases are interim
   releases that provide early access to new features before the next
   major release becomes available. The lifecycle and support for
   feature releases are different from long-term support releases like
   10.0.
   For details, see:
   https://help.deepsecurity.trendmicro.com/10_3/on-premise/feature-packs.html

2. Release History
========================================================================

10.3.0-127 January 18, 2018 - GM release
10.3.0-206 March 20, 2018 - Critical Patch 2
10.3.0-214 March 28, 2018 - Critical Patch 3

3. What's New
========================================================================

   3.1 Enhancements
   =====================================================================

   This release includes no enhancements.

   3.2 Resolved Known Issues
   =====================================================================

   This release resolves the following issues:

   Issue 1:    [DSSEG-2127/SEG-22579]
               Deep Security Agent running on a Linux computer did not
               generate quarantine events for files with the detection
               name PACP_CORRUPT.STD.

   Solution 1: This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4. Documentation Set
========================================================================

In addition to this readme.txt, the documentation set for this product
includes the following:

- Information formerly contained in the Deep Security Installation
  Guides and Deep Security Administrator's Guide is now available on
  the Deep Security Help Center
  https://help.deepsecurity.trendmicro.com/10_3/on-premise/Welcome.html
  and includes:

  -- product overview, deployment plan, installation steps and basic
     information intended to help you smoothly deploy Deep Security.

  -- post-installation instructions on how to configure the settings to
     help you get Deep Security "up and running". Also includes
     instructions on performing other administrative tasks for the
     day-to-day maintenance of Deep Security.

- You can easily search the Help Center content or get
  context-sensitive help from your Deep Security Manager.

5. System Requirements
========================================================================

For a complete list of the system requirements, please refer to the
Deep Security Help Center:
https://help.deepsecurity.trendmicro.com/10_3/on-premise/Get-Started/Install/system-requirements.html

6. Known Incompatibilities
========================================================================

There are no known incompatibilities for Deep Security 10.3.

7. Known Issues in Deep Security Agent 10.3
========================================================================

- When the Deep Security Agent lightweight filter driver (tbimdsa.sys)
  is installed in a Windows environment where NIC teaming is configured
  as LACP mode, the "Microsoft Network Adapter Multiplexor Driver"
  device may enter a "Network cable unplugged" state. (DSSEG-1493)

- When a Deep Security Agent has the relay feature enabled and then the
  agent is demoted to remove the relay while packages are being
  downloaded to the relay, those packages might not be removed from the
  agent. (DS-18215)

- When an agent with relay functionality is in the "Enabling" or
  "Disabling" state, the operation cannot be canceled. If the operation
  hangs in either of these states, the agent with the relay
  functionality needs to be deactivated and then reactivated.
  (DS-16407)

- Advanced threat detection (machine learning) does not work when a
  Deep Security Agent is using a proxy with IPv6 IP format. Please set
  the IPv6 host name format in the proxy setting for the policy.
  (DS-17807)

- Advanced threat detection (machine learning) does not detect threats
  on USB storage devices on Windows 7. (DS-17536)

- Deep Security 10.3 is a feature release in preparation for Deep
  Security 11.0 and has similar platform requirements to 11.0. The Deep
  Security Manager 10.3 installer blocks upgrades from Deep Security
  9.5, including 9.5 versions of the Deep Security Manager, Deep
  Security Agent, Relay, and Deep Security Virtual Appliance.
  You can upgrade from Deep Security 9.5 to 9.6 and then to 10.3.
  (DS-14515)

- When the Linux kernel on the Agent host is updated to a non-supported
  version, the DSA driver for Web Reputation, Anti-Malware and
  Intrusion Prevention modules will not be loaded and the modules will
  show as offline on the DSM UI. However, the Web Reputation module is
  still shown as online. (DS-10586)

- There is no threshold limitation on the local DSA DB size when in
  Application Control Maintenance Mode, and currently no method of
  pruning. (DS-10961)

- When a virtual machine is added through vCloud connector, after
  vMotion from a protected ESXi host to an unprotected ESXi host, the
  virtual machine will not go from combined mode to Agent-only
  protection. [DS-558]

- When a virtual machine is added through vCloud connector, after
  vMotion from an unprotected ESXi host to a protected ESXi host, the
  virtual machine will not go from Agent-only protection to combined
  mode. [DS-557]

- Some platforms (e.g. Linux) do not distinguish network interfaces at
  the packet level when they are connected to the same network. When
  enabling "Policy -> Interface Types -> Rules can apply to specific
  interfaces" on these platforms, firewall policies that attempt to
  distinguish between network interfaces connected to the same network
  will result in only one of the policies being applied. [29543]

- The Trusted Platform Module (TPM) monitoring does not work in a
  vSphere 6 environment. When enabled, the event "The vCenter sent
  empty or unreliable TPM information that has been ignored. This is
  only an issue if the problem persists" will appear. In rare
  circumstances, the value may also be unreliable in a vSphere 5.5
  environment. VMware is already investigating this issue.
  [29268/27166]

- If the Integrity monitoring feature in Combined Mode is disabled, the
  Deep Security Notifier status will display it as Not Capable instead
  of Not Configured.
  [29403]

- When doing vMotion of many simultaneous VMs, some of the VMs may
  appear as Anti-Malware Engine Offline after it moves to the new host.
  This occurred because the DSM checked the status of the VMs during
  heartbeat before the vMotion is finished. Doing another check status
  or waiting for the next heartbeat will fix the status. [28825]

- Deep Security Azure Connector does not identify virtual machines
  created by Azure Resource Manager a.k.a ARM VM (v2). DSA installed in
  ARM VM will not be included in Azure connector but in normal computer
  list. This limitation will have no impact on security features
  provided by Deep Security. [29630]

- If vMotion occurs while Anti-Malware scan is happening, there is a
  possibility that the scan will not continue after moving from one
  Agentless protected host to another. If you see an event saying
  "Manual Malware Scan Failure" or if you see a "Manual Malware Scan
  Started" without a corresponding "Manual Malware Scan Completed",
  then this means that the scan has stopped and did not finish. [28059]

- During the upgrade process after removing the Filter Driver, Deep
  Security Manager will display "Intrusion Prevention Engine Offline
  and Firewall Engine Offline" regardless of policy until the Deep
  Security Virtual Appliance is upgraded to version SP1. [28992]

- If the Deep Security Relay is down during deployment of Deep Security
  Virtual Appliance, it will fail to upgrade and will cause the vShield
  Endpoint to not register. Even after the Deep Security Virtual
  Appliance upgrade becomes successful, the vShield Endpoint will
  remain in a Not Registered state. Reactivating the Deep Security
  Virtual Appliance will resolve this issue. [28712]

- Deep Security Agent could not convert shift-jis encoded characters to
  UTF-8. Therefore, any folders named with shift-jis encoding will be
  skipped during Integrity Monitoring scanning.
  [28879]

- The CPU Usage (Agent only) setting under Manual and Scheduled Scan
  Configuration in the Deep Security Manager console is not working on
  SUSE 10 SP3 and SP4. [20717]

- Deep Security Agent may not successfully install on the first release
  of Ubuntu 12.04 without any updates and patches. [23797]

- CPU usage control in Scan for Integrity may not work after a reboot.
  Rebuild Integrity Baseline or reactivation will fix this.
  [20725/20563]

- In Linux platforms, some malware may not be detected if the DNS is
  very slow to respond to queries. [21208]

- Some security components of Deep Security Agent with Relay feature
  enabled may get removed unexpectedly after an update. As a
  workaround, retry the security update. [24004]

- The Deep Security Manager will display the platform of the agent
  package regardless of the platform where it is installed. For
  example, since the agent package used in CentOS and Red Hat are the
  same and labeled as Red Hat agent package, Deep Security Manager will
  display the platform as Red Hat. [21674/25156]

- Deep Security Agent running on SUSE in Azure cloud will not be
  managed under Azure cloud account in the Deep Security Manager. The
  agent will appear under normal computers list. [26499]

- After Deep Security Virtual Appliance upgrade, the error "Exceeded
  maximum concurrent events" may be noticed in the /var/log/messages
  file and the agentless protected guest virtual machines status change
  to "Anti-Malware Engine Offline". Rebooting the Deep Security Virtual
  Appliance will fix this issue. [26361]

- Intrusion Prevention is not supported over SSL connections when using
  IPv6.

- SYN Flood protection is only supported on versions 7.5 or earlier of
  the Windows Agents and on versions 7.5 or earlier of the Virtual
  Appliance. It is not supported on versions 7.5 Service Pack 1 or
  later of the Windows Agents or versions 7.5 Service Pack 1 or later
  of the Virtual Appliance. It is not supported on any versions of the
  Linux or Solaris Agents.

- Log entries (Firewall and IPS Events) for OUTGOING traffic show
  zeroed-out MAC addresses.

- When the network engine is working in TAP mode and the in-guest agent
  is offline, the Deep Security Virtual Appliance status will be "Stand
  By". When this occurs, Deep Security Virtual Appliance is actually
  online and IP/FW events will be logged when rules are triggered.
  [10948]

- Log Inspection event logs are limited to 6000 characters.

8. Files Included in This Release
========================================================================

This release is a complete installation. Use one of the following
files:

Agent-amzn1-10.3.0-214.x86_64.zip
Agent-CloudLinux_7-10.3.0-214.x86_64.zip
Agent-Debian_8-10.3.0-214.x86_64.zip
Agent-Oracle_OL6-10.3.0-214.i386.zip
Agent-Oracle_OL6-10.3.0-214.x86_64.zip
Agent-Oracle_OL7-10.3.0-214.x86_64.zip
Agent-RedHat_EL6-10.3.0-214.i386.zip
Agent-RedHat_EL6-10.3.0-214.x86_64.zip
Agent-RedHat_EL7-10.3.0-214.x86_64.zip
Agent-SuSE_11-10.3.0-214.i386.zip
Agent-SuSE_11-10.3.0-214.x86_64.zip
Agent-SuSE_12-10.3.0-214.x86_64.zip
Agent-Ubuntu_16.04-10.3.0-214.x86_64.zip

To install Deep Security Agent on CentOS, use the Red Hat installer and
package.

For Amazon EC2, use either the Red Hat Enterprise 6 Agent package
(32-bit or 64-bit) or the SUSE 11 Agent package (64-bit), depending on
the base operating system used by your Amazon AMI.

For a list of specific Linux kernels supported for each platform, see:
http://files.trendmicro.com/documentation/guides/deep_security/Kernel%20Support/10.3/Deep_Security_10_3_kernels_EN.html

9. Contact Information
========================================================================

A license to Trend Micro software usually includes the right to product
updates, pattern file updates, and basic technical support for one (1)
year from the date of purchase only. After the first year, you must
renew Maintenance on an annual basis at Trend Micro's then-current
Maintenance fees.

Contact Trend Micro via phone or email, or visit our website to
download evaluation copies of Trend Micro products.
https://www.trendmicro.com/en_us/contact.html

NOTE: This information is subject to change without notice.

10. About Trend Micro
========================================================================

Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Trend Micro, Deep Security, "deep security solutions", and the t-ball
logo are trademarks of Trend Micro Incorporated and are registered in
some jurisdictions. All other marks are the trademarks or registered
trademarks of their respective companies.

11. License Agreement
========================================================================

View information about your license agreement with Trend Micro at:
https://www.trendmicro.com/en_us/about/legal.html

12. Third Party Software
========================================================================

Deep Security employs the use of 3rd party binary distributions. The
binary distributions are subject to the licenses available in the
following directory:

[Install Directory]/licenses

Where 3rd party licenses require open access to their source code,
Trend Micro will provide the necessary materials upon written request.

========================================================================
(C) 2018 Trend Micro Inc. All rights reserved.
Published in Canada.