Trend Micro Incorporated May 22, 2018
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Readme for Trend Micro (TM) Deep Security Manager 11.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE: This readme file was current as of the date above. However,
all customers are advised to check Trend Micro's website for
documentation updates.
GM release documentation:
https://help.deepsecurity.trendmicro.com/11_0/on-premise/Welcome.html
Patch/SP release documentation:
https://help.deepsecurity.trendmicro.com/software.html
TIP: Register online with Trend Micro within 30 days of
installation to continue downloading new pattern files and
product updates from the Trend Micro website. Register
during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deep Security Manager Platforms:
- Red Hat Enterprise Linux 7 (64-bit)
- Red Hat Enterprise Linux 6 (64-bit)
- Windows Server 2012 and 2012 R2 (64-bit)
- Windows Server 2008 and 2008 R2 (64-bit)
- Windows Server 2016 (64-bit)
Not Supported:
- Red Hat Enterprise Linux (RHEL) Xen Hypervisor
- Windows Server 2012 Core
- Windows Server 2008 Core
- Windows Server 2016 Core
- Deep Security Manager is not supported on 32-bit
versions of the Windows platform.
Date: May 22, 2018
Release: 11.0
Build Version: 11.0.221
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This product is subject to the terms detailed in the license agreement
and copied to the install directory. For more information about the
Trend Micro suite of Deep Security products, visit our website at:
https://www.trendmicro.com/en_us/business/products/hybrid-cloud.html
Download the latest version of this readme from the Deep Security
Software page:
https://help.deepsecurity.trendmicro.com/software-feature-releases.html
Trend Micro is always seeking to improve its documentation.
If you have questions, comments, or suggestions about this or any
Trend Micro documents, please contact us at docs@trendmicro.com.
Your feedback is always welcome.
Contents
===================================================================
1. About Deep Security 11.0
1.1 Overview of This Release
1.2 Who Should Install This Release
1.3 Upgrade Notice
2. What's New
2.1 Enhancements
2.2 Resolved Known Issues
3. Documentation Set
4. System Requirements
5. Installation
6. Known Incompatibilities
7. Known Issues in Deep Security Manager 11.0
8. Release History
9. Files Included in This Release
10. Contact Information
11. About Trend Micro
12. License Agreement
13. Third-Party Software
===================================================================
1. About Deep Security 11.0
========================================================================
1.1 Overview of This Release
=====================================================================
Deep Security 11.0 contains feature enhancements and bug fixes.
For a complete list of the major changes in Deep Security 11.0, see
the "What's New?" page on the Deep Security Help Center:
https://help.deepsecurity.trendmicro.com/11_0/on-premise/whats-new.html
1.2 Who Should Install This Release
=====================================================================
You should install this release if you are currently running Deep
Security 9.6 Service Pack 1 Patch 1, Deep Security 10.0 Update 8,
Deep Security 10.1, Deep Security 10.2, or Deep Security 10.3. All
new Deep Security users should install Deep Security 11.0.
1.3 Upgrade Notice
=====================================================================
- After a relay is upgraded successfully and all software packages
are imported into Deep Security Manager, users should wait at least
ten minutes before upgrading agents. Otherwise, a "Software Update:
Agent Software Upgrade Failed" error may occur. (DS-23195)
- The Simplified Chinese locale is no longer available in Deep
Security. Existing tenants and administrators who are using the
Simplified Chinese locale will be automatically transitioned to
English.
- If you are using PostgreSQL as your Deep Security database, prior
to upgrading to Deep Security Manager 11.0, check if the
communication between the Deep Security Manager and PostgreSQL
database is encrypted. Note that this is disabled by default and
would have been manually configured.
To check, verify whether the
Deep Security Manager\webclient\webapps\ROOT\WEB-INF\dsm.properties
file contains the line:
database.PostgreSQL.connectionParameters=ssl\=true
If it exists, disable the encryption by deleting the line and
restarting the Deep Security Manager service before upgrading. Add
the line back after the upgrade. Failure to disable the encryption
will cause the upgrade to fail.
For more information on how to set up the encryption on a
PostgreSQL database, see:
https://help.deepsecurity.trendmicro.com/11_0/on-premise/Manage-Components/dsm-db-encrypt.html
- If application control is turned on prior to upgrading the agents,
maintenance mode must be enabled to prevent application control
from blocking the upgrade of Deep Security components or reporting
software changes depending on the configuration.
- If you are using Microsoft SQL Server 2008 SP3 (or earlier) or
Microsoft SQL Server 2008 R2 SP1 (or earlier) as your Deep Security
database, check if the communication between the Deep Security
Manager and the database is encrypted prior to upgrading the Deep
Security Manager to 11.0.
Note that this is disabled by default and would have been manually
configured. To check, verify whether the
Deep Security Manager\webclient\webapps\ROOT\WEB-INF\dsm.properties
file contains the line:
database.SqlServer.ssl=require
If it exists, disable the encryption before upgrading and then
re-enable it when the upgrade is complete. For instructions, see:
https://help.deepsecurity.trendmicro.com/11_0/on-premise/Manage-Components/dsm-db-encrypt.html
Failure to disable the encryption will cause the upgrade to fail.
- Deep Security 11.0 includes significant improvements to the
upgrade process which contains functionality that checks your
currently installed Deep Security components and makes
personalized recommendations for your upgrade path. The upgrade
process also upgrades the database schema without requiring
manual steps.
- As usual, backup your database before upgrading and consider
performing the upgrade during off-hours. For more information see:
https://help.deepsecurity.trendmicro.com/11_0/on-premise/Manage-Components/update-database.html
- Deep Security Manager 10.1 and later no longer supports TLS 1.0/1.1
on port 4119. Older deployed relays (any version before 9.6 SP1
Patch1, 9.6.2-6400) will fail to get software packages from the
manager for distribution. To avoid having customers encounter
non-functional relays after the manager upgrade, the upgrade
readiness check marks the older relays as not supported. Customers
should upgrade the relays first before upgrading Deep Security
Manager. (DS-13980)
- The Deep Security console (default port: 4119) now requires clients
to use TLS v1.2 in order to connect. Customers who are using
Windows Powershell for their deployment scripts will need to update
the deployment script to include the line:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
prior to the agent download step.
To download the agent to systems that do not support TLS 1.2 at all,
a possible workaround is to host the agent software on a web server
that supports TLS 1.0. Alternatively, you can refer to the Help Center
for instructions on how to allow TLS 1.0 on Deep Security Manager:
https://help.deepsecurity.trendmicro.com/11_0/on-premise/tls-version.html
2. What's New
========================================================================
2.1 Enhancements
=====================================================================
This release includes several new features that have been added since
Deep Security 10.0, including:
- FIPS 140-2 support
- Application control:
- Software changes filter exclusion
- New platform support
- Global block by hash
- Trusted updater
- Security event aggregation
- Integrity monitoring - improvements to real-time scans
- Minimum TLS version enforcement
- Cloud VDI (Amazon WorkSpaces support)
- Relay management improvements
- Advanced threat detection (machine learning)
- Fail open option
- Tipping Point equivalent rule ID mapping
- Identity provider support via SAML 2.0
- Single deployment script for Windows and Linux
- New support for NSX 6.3.5
- New support for Microsoft Windows Server 2016
- New support for Microsoft SQL Server 2016
- PostgreSQL support, including:
- PostgreSQL multi-tenant support
- Support for Amazon RDS PostgreSQL Multi-AZ deployments
- SQL Server Express support in certain limited deployments
- Docker enhancements
- News feed
- Computers page enhancements
- Zero impact network driver install
- Time-boxed anti-malware scans
For details, see:
https://help.deepsecurity.trendmicro.com/11_0/on-premise/whats-new.html
Additional enhancements since Deep Security 10.0:
Enhancement 1: [DS-14488]
You can now save deployment scripts to a file
directly from the Deployment Script window.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 2: [DSSEG-1235]
root/Administrator privileges are required to run
Deep Security Agent deployment scripts. With this
release, a message is displayed when a deployment
script is run without the correct privilege.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 3: [DSSEG-1325, DS-16916]
Deep Security Virtual Appliance has been improved
to gracefully handle local vMotion in VMware's
environment.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 4: [DSSEG-1404/TT 353335]
A new policy setting (Computer/Policy editor >
Settings > General > Suppress all pop-up
notifications on host) enables you to hide all pop-up
windows on hosts.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 5: [DSSEG-948/SF00314256]
The Deep Security Azure cloud connector now supports
Azure CSP subscriptions.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 6: [DSSEG-1089/SEG-875]
In some environments, the Anti-Malware Solution
Platform (AMSP) could cause high disk input/output
when the common scan cache was on.
By default, the AMSP common scan cache is on. To
disable it, open a Windows command prompt on the Deep
Security Manager computer, go to the Deep Security
Manager root folder, and run this command:
dsm_c -action changesetting -name settings.configuration.disableAmspCommonScanCache -value true
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 7: [DSSEG-838]
In previous releases, the "Smart Protection Server
Disconnected" alert could only be cleared manually by
a user. In this release, Deep Security Manager will
clear the alert automatically when it receives a
"Smart Protection Server Connected" event.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 8: [DSSEG-1127/DSSEG-1126,1127/SEG-8328]
By default, Deep Security Agents send ping requests
to a domain controller (DC) every 10 seconds for the
Contexts function. This release enables users to
configure agents to not send ping requests to domain
controllers if the Contexts function is not used:
To configure the agents so they don't send ping
requests to domain controllers:
1. In Deep Security Manager, go to "Administration >
System Settings > Contexts".
2. Set "Test Interval" to "Never" and click "Save".
Note:
This enhancement requires that you upgrade your Deep
Security Agents to 10.0 Update 2 to make the setting
take effect.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 9: [DS-12253]
This release adds the ability to specify a timeout
value for scheduled malware scans. You can see the
new option by going to Administration > Scheduled
Tasks and adding or editing a "Scan Computers for
Malware" scheduled task. The timeout option is
available for daily, weekly, monthly, and once-only
scans. It is not available for hourly scans. When a
scheduled malware scan is running and the timeout
limit has been reached, any tasks that are currently
running or pending will be cancelled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 10: [DSSEG-1058]
Deep Security Manager now provides a single
deployment script for both Windows and Linux and adds
the ability to allow customers to select a proxy
setting and add it to the deployment script.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 11: [DSSEG-1309]
Deep Security Manager can now be installed on
Microsoft Windows Server 2016.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 12: [DSSEG-1308/00408162/00416136/00278947/00418482/00439807]
Deep Security Manager now supports Microsoft SQL
Server 2016.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 13: [DSSEG-1592]
Recommendation scans now runs significantly faster
than in the previous release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 14: [DSSEG-1289]
Improved performance when using IE/Edge when
displaying pages that load spinners (animation
graphics).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 15: [DS-12493]
This release adds the ability to manually add an
Azure application without requiring the "Global Admin"
permission. For instructions, see
https://help.deepsecurity.trendmicro.com/10_2/azure/create-azure-application.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 16: [DSSEG-2070]
This release resolved a security vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 17: [DSSEG-1703]
Deep Security Manager has been improved to handle
RESTful requests more efficiently.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 18: [DSSEG-1981]
This release adds support for Amazon Linux 2.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 19: [DSSEG-1906]
TLS authentication is now enforced when accessing
Trend Micro Active Update server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 20: [DSSEG-1954]
With the introduction of certificate validation for
agent deployment scripts, hash validation is no
longer necessary. This release of Deep Security
Manager removes the hash validation check for
deployment scripts on Linux platforms.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2.2 Resolved Known Issues
=====================================================================
This release resolves the following issues that were identified in
previous versions of Deep Security:
Issue 1: [DSSEG-956]
The default settings for Document Exploit Protection
in Deep Security Manager 10.0 may be too aggressive
for tenants, resulting in some false-positive
detection. Additionally, if a customer had configured
Malware Scan Configuration settings in 9.6 SP1, it
could result in Document Exploit Protection being
disabled in Deep Security 10.0.
Solution 1: Change the Document Exploit Protection settings back
to Trend Micro recommended settings.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-954]
In an NSX 6.3 environment, shutting down the Deep
Security Virtual Appliance would cause the protected
VM to lose network connectivity.
Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-927]
When Deep Security Manager was using Microsoft SQL
Server 2008 R2 or earlier, the Deep Security Manager
console was unable to show an instance list under a
vCloud connector that contained more than 500
activated instances.
Solution 3: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-926]
When a user manually added a computer to the Deep
Security Manager console and also imported the
vCenter containing the computer, Deep Security
Manager would raise a duplicate UUID alert.
Solution 4: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [DSSEG-887]
When Deep Security Manager was synced with an Active
Directory using the "Assign the same Deep Security
Role to all Directory Group members" option, a newly-
added user could not log in to Deep Security Manager
until the Active Directory was re-synced.
Solution 5: This issued was caused by a null value exception.
Deep Security Manager now handles the null value
exception.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 6: [DSSEG-867]
When users navigated to the Actions tab in Deep
Security Manager but didn't have the appropriate
permissions for the page, they would be logged out.
Solution 6: When users without appropriate permissions navigate
to the Actions tab, they will not be logged out and
they will see an error message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 7: [DSSEG-866]
When viewing application control drift events using
the time-based histogram, there is a known boundary
issue where, when selecting the detailed histogram
view, some events from the higher-level view are not
shown in the expanded view below.
Solution 7: The logic used to calculate the x-axis in histograms
has been improved.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 8: [DSSEG-850]
With application control, when sending a new policy
with an updated ruleset, although the policy was
received by the agent, the enforcement did not occur
as expected. This triggered an error that was
reported by the agent.
Solution 8: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 9: [DSSEG-849]
A large number of application control shared rule
sets would accumulate on the Deep Security Manager
file system. This was because whenever there was
modification on the ruleset, it was not deleted.
Solution 9: A housekeeping mechanism is now in place so that
application control removes the temporary ruleset
files from Deep Security Manager's file system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 10: [DSSEG-777]
With application control, when a user performs the
undo of a Block or Allow decision, the event
"Decision Log Undo" should be generated. Instead, an
"Apply ruleset failed" event was incorrectly
generated. This was caused by conflicting event IDs.
Solution 10: The Decision Log Undo ID has been changed to prevent
this conflict.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 11: [DSSEG-1168]
In previous releases, the Deep Security Manager
installer only accepted a colon as the separator in
the host name on the Database screen. In a silent
install, it was
"DatabaseScreen.Hostname=Hostname\IP:Port number".
Solution 11: In this release, you can use either a colon or comma
as the separator.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 12: [DSSEG-1144]
When adding an Azure connector via proxy with
authentication required, the authentication would
fail.
Solution 12: Based on a suggestion from Oracle, basic
authentication is now reactivated while using the
Active Directory Authentication Library (ADAL).
Note 12: http://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 13: [DSSEG-1129/SEG-3089]
Image files with a .png extension in the Deep
Security Manager diagnostic package could not be
opened.
Solution 13: File extension of the images was corrected to be
.svg, to match the image format.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 14: [DSSEG-1078]
There was a cross-site scripting risk in the Deep
Security Manager general script page common.js.
Solution 14: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 15: [DSSEG-1061]
When the "Use a Schedule for Upgrade" option is
selected, the upgrade time is on based on the time
zone of the Deep Security Manager computer. However,
the schedule displayed under "Policies > Common
Objects > Other > Schedules" reflected the time zone
where the user is located, which could be different
from the time zone of the Deep Security Manager. This
difference sometimes caused confusion.
Solution 15: The schedules displayed on the "Schedules" page are
not associated with any time zone. But when a
schedule is applied to a rule or task, it will be
applied using the Deep Security Manager or Agent's
local time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 16: [DSSEG-1054]
The database migration task in the Deep Security 10
GM build did not set migration status correctly and
dropped temporary tables when there was no data that
needed to be migrated. This prevented the Deep
Security Manager from receiving any agent events.
Solution 16: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 17: [DSSEG-1053]
Some users experienced issues with scheduled tasks,
where the task was being performed on the wrong day.
This was because the task day was scheduled in the
timezone of the Deep Security Manager or tenant,
which could be significantly different from the user
timezone. While the time of day would be correctly
converted between the user timezone and the
scheduling timezone, in some cases if the conversion
caused the day or date to change (for example,
Wednesday May 10th 10pm UTC is equivalent to a
Thursday May 11th 2am UTC+4), the task would be
scheduled 24 hours too early or too late.
Solution 17: With this release of Deep Security, all new scheduled
tasks are created with a specified associated
timezone. This can be edited in the scheduled task
properties. Any existing tasks will have schedules
displayed in the timezone in which they are currently
scheduled (tenant or Deep Security Manager).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 18: [DSSEG-1005]
During an agent-initiated reactivation of the Deep
Security Agent, Deep Security Manager sent a
ResetAgent command to the agent before sending the
activation command. If something went wrong during
the reactivation process, such as a network
disconnection, it could result in the agent being
reset but not activated.
Solution 18: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 19: [DSSEG-994]
When a load balancer was configured with a heartbeat
hostname but the load balancer manager hostname was
empty, it would cause the agent to receive an empty
manager hostname and package downloads would fail.
Solution 19: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 20: [DSSEG-990]
When using Deep Security Manager with Oracle Database
12c version 12.1.0.2.0 or higher, a maintenance job
would not complete successfully. In the Deep Security
Manager console, under Administration > System
Information > System Details > Optimizations >
Maintenance Job Schedule, the "Last run" time would
display "Never".
Solution 20: This release upgrades the JDBC driver to version
12.1.0.2, which enhances database performance and
resolves this issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 21: [DSSEG-951]
When Deep Security Manager performed a Synchronize
VMware vCenter job and the job could not be
completed, it occupied Deep Security Manager
resources and other jobs could not be processed.
Solution 21: This hot fix adds a timeout value to the Synchronize
VMware vCenter job. If the job cannot be finished
within two minutes, Deep Security Manager will
terminate the job so that other jobs will not be
affected.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 22: [DSSEG-886]
When Deep Security updated its components, some
computers appeared out of date on the Security
Updates page. The out-of-date warning message could
persist for more than an hour.
Solution 22: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 23: [DSSEG-1123]
When changing a user password, the password was
available as plain in the body of the response.
Solution 23: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 24: [DS-15270/DSSEG-1275/SEG-11140/SEG-11414/SEG-11262/SEG-11244/SEG-11337]
Deleting a vMotion job completion state record while
synchronizing with vCenter sometimes caused Deep
Security Manager to become locked.
Solution 24: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 25: [DSSEG-1256/SEG-11143]
The numbers displayed in the Reconnaissance section
of an Attack Report were incorrect.
Solution 25: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 26: [DSSEG-1251]
In the 7-day view, the dashboard widget graphs were
being populated based on the timezone of the Deep
Security Manager or tenant. If users were in a
different timezone, the display could be confusing.
Solution 26: Graphs are now populated based on the user's
timezone. If the user's timezone in "User Properties"
is changed, the graphs will populate based on the new
timezone when the page is reloaded.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 27: [DSSEG-1227]
In environments where Debian is installed without
lsb_release, such as in Azure, a Deep Security
deployment script would produce an "Unsupported
platform is detected" error.
Solution 27: The deployment script now allows Debian with or
without lsb_release installed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 28: [DSSEG-1176, DSSEG-1171]
Cross-site scripting vulnerabilities were identified.
Solution 28: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 29: [DSSEG-1346]
In past releases, the default value for the
"Administration > System Settings > Storage >
Automatically delete System Events older than:"
setting was "Never". This sometimes resulted in the
Deep Security Manager SystemEvents table becoming too
large because system events were not pruned unless
customers changed the default value.
Solution 29: Starting with this release, the default setting for
"Automatically delete System Events older than" has
been changed to "53 Weeks (534240)".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 30: [DSSEG-1297/SEG-11373]
SQL Server Express is supported as of Deep Security
10.0 Update 2, but the warning messages when using
SQL Server Express were not updated in Japanese and
Simplified Chinese.
Solution 30: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 31: [DSSEG-1295/SEG-9782]
File lists would not accept multiple files.
Solution 31: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 32: [DSSEG-1290]
When Deep Security Manager was installed in silent
mode, Install4j would put all user-supplied
installation parameters into install.varfile. Some of
those parameters contained sensitive information such
as the license code and password.
Solution 32: The installer will no longer write those sensitive
parameters into the file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 33: [DSSEG-1287]
The SystemEventX.arc and AgentEventX.arc files were
not removed after insertion of records. By default,
the undeleted *.arc files were reparsed for insertion
of records every 10 minutes as part of Disk
Monitoring job and during the Deep Security Manager
service restart.
Solution 33: The files are now removed after records are inserted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 34: [DSSEG-1156/SEG-3648]
There was a performance issue in Deep Security
Manager when loading the Computers page and Computer
Status widget with a large VMware environment
deployment.
Solution 34: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 35: [DSSEG-986]
When a scheduled malware scan was running, the URL of
a Deep Security Virtual Appliance displayed in the
Malware Scan Status widget was incorrect.
Solution 35: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 36: [DSSEG-1478/SEG-13376]
NSX synchronization was not able to run within the
scheduled vCenter synchronization task execution in a
multiple vCenter environment.
Solution 36: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 37: [DSSEG-1429/SEG-13059]
The SOAP API eventretrieve() method did not sort the
result set. As a result, these problems sometimes
occurred: the incorrect last event ID was shown,
events were missing, or there were duplicate events.
Solution 37: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 38: [DSSEG-1420/SEG-13068]
Deep Security Manager opened an unneeded connection to
vCenter during the post-activation process for a
virtual appliance, which sometimes caused an
activation failure due to a connection timeout.
Solution 38: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 39: [DSSEG-1355/SEG-12776]
If Deep Security Manager could not get all running
processes from the agent, a NullPointerException
would appear in the log file.
Solution 39: An error is now logged instead of a
NullPointerException.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 40: [DSSEG-1262]
When Deep Security Manager was running in multi-tenant
mode, the settings that control SIEM configuration for
tenants did not work as expected.
Solution 40: There is a new option under "System Settings >
Tenants" that allows the primary tenant (t0) to hide
or show SNS settings for tenants. If the t0 clears the
checkboxes for the SIEM, SNS, and SNMP options on the
"Tenants" tab, tenants will not see the
"Administration > System Settings > Event Forwarding"
tab.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 41: [DSSEG-1393, DSSEG-1393/SEG-13494/00554769]
A previous release changed the file and directory path
format specification to disallow the $ symbol, which
prevented users from importing MSSQL server folders
that include $ in their folder path.
Solution 41: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 42: [DS-15841, DSSEG-1346]
In past releases, the default value for the
"Administration > System Settings > Storage >
Automatically delete System Events older than:"
setting was "Never". This sometimes resulted in the
Deep Security Manager SystemEvents table becoming too
large because system events were not pruned unless
customers changed the default value.
Solution 42: The default setting for "Automatically delete System
Events older than" has been changed to "53 Weeks
(534240)".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 43: [DS-14737, DSSEG-1251]
In the 7-day view, the dashboard widget graphs were
being populated based on the timezone of the Deep
Security Manager or tenant. If users were in a
different timezone, the display could be confusing.
Solution 43: Graphs are now populated based on the user's
timezone. If the user's timezone in "User Properties"
is changed, the graphs will populate based on the new
timezone when the page is reloaded.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 44: [DS-15666]
Unexpected data was included in syslog messages.
Solution 44: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 45: [DS-14223, DSSEG-1161]
In VDI deployments, if you recompose the VDI pool,
vCenter will create VMs and the Deep Security Manager
will get a "Computer Created" event that can be used
to trigger the Event-Based Task (EBT) for activation.
After activation is done, if the VDI pool is refreshed
or reset, all VMs will revert to an unmanaged state.
In this case, vCenter will send a "Computer Powered
On" event. Since the computer had previously been
created and only the protection state has been reset,
the "Computer Created" EBT will not be triggered and
an EBT based on "Computer Powered On" is required.
Solution 45: This release includes a new event-based task type
named "Computer Powered On (by System)". This
event-based task enables you to trigger activation by
the VMWare Virtual Machine power on event.
Notes: - This new task only supports the VMWare Virtual
Machine power on event. It does not support other
cloud connectors.
- To avoid a Power On storm, specify match condition
carefully to limit the number of computers
activated by this event.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 46 [DS-17842]
When application control and anti-malware were enabled
before upgrading, the Deep Security Manager sometimes
temporarily showed that the application control module
was offline after the upgrade.
Solution 46: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 47: [DS-17168/DSSEG-1534/SEG-12549/SEG-9431]
Under certain circumstances, a VMotion procedure would
open a new database transaction inside a vCenter
synchronization transaction, which caused Deep
Security Manager to become unresponsive and unable to
create or process any jobs.
Solution 47: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 48: [DS-17481]
The time of an alert listed on the Alerts page did
not match the time shown in the Alert Viewer.
Solution 48: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 49: [DS-17376]
If a scheduled malware scan was triggered while a
manual malware scan was already running, a manager
job was created for the scheduled scan, which was not
necessary.
Solution 49: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 50: [DS-15543]
Deep Security Manager sometimes raised an event with
an incorrect description, which indicated the settings
had been reset back to "inherited" when the value of
the setting was changed to an empty string ("").
Solution 50: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 51: [DS-11178]
If a malware scan generated a very large number of
malware events, the Deep Security Agent could fail to
report the events to the Deep Security Manager,
generating a "Get Events Failed" event.
Solution 51: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 52: [DSSEG-1765, DS-14438]
In a multi-tenant Deep Security environment, if the
primary tenant (t0) configured proxy settings, other
tenants (tn) would see a false critical alert:
"Invalid System Settings Detected".
Solution 52: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 53: [DSSEG-1678, DS-17672]
When a multi-tenant environment had a single database
and it's state was "Not Accepting Tenants", tenants
could still be created using the REST API.
Solution 53: The API will not be able to create tenants if the
database is not accepting new tenants.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 54: [DSSEG-1674/528084/SEG-12190, DS-18303]
When Deep Security Manager sent a policy update to
agents, it used to acquire a RULESET_UPDATE_LOCK to
protect application control data from concurrent
updates. When sending a policy to a large number of
agents, this would slow down the agent heartbeat jobs,
eventually causing the agent heartbeats to be
rejected.
Solution 54: The critical section protected by RULESET_UPDATE_LOCK
has been reduced. The RULESET_UPDATE_LOCK is now
acquired for application control ruleset hash
computation during the policy updates. This reduces
contention for the lock while sending the policy to
the agents and speeds up the heartbeat jobs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 55: [DSSEG-1651/SEG-16202]
These issues occurred in a multi-tenant environment:
- An administrator whose "Multi-Tenant Administration"
permission was set to "View-only" was unable to
save any of the settings under "Administration >
Systems Settings" in Deep Security Manager.
- When a primary tenant (t0) specified that the SIEM,
SNMP, and SNS settings should be hidden from
tenants, tenants (tn) would experience display
issues with the "Administration > System Settings"
tabs, where the tabs would move.
Solution 55: These issues are fixed in this release
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 56: [DSSEG-1650]
The default value for the SNS setting was changed to
false, which caused backward compatibility issues.
Solution 56: The default value for the SNS setting has been changed
back to true.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 57: [DSSEG-1587/SF00503030/SEG-10934, DS-17627]
Customers using Deep Security 9.6 or earlier would see
an alert indicating that a newer Deep Security Manager
version is available, even after upgrading to the
latest long-term support version (Deep Security 10.0).
Solution 57: The check for Deep Security Manager updates now
separates long-term support versions (like Deep
Security 10.0) from feature releases (like Deep
Security 10.1). Long-term support deployments only
check from newer long-term support releases, while
feature release deployments will check for any newer
releases.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 58: [DSSEG-1555/SEG-12190, DS-17542]
The heartbeat processing thread and job creation
thread would sometimes block each other when one of
them got stuck while acquiring a tenant host usage
lock. This caused the Deep Security Manager system to
become unresponsive.
Solution 58: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 59: [DSSEG-1476/SEG-14212, DS-17636]
In a multi-tenant environment, if the state of the
primary tenant (t0) database was "Not Accepting
Tenants" but there were other databases that could
accept tenants, the options for the primary database
server were still displayed in the tenant creation
wizard. If no database was accepting tenants and an
administrator attempted to create a new tenant, there
was no warning until the tenant creation was being
processed.
Solution 59: If the state of the primary tenant (t0) database is
"Not Accepting Tenants" but there are other databases
that can accept tenants, the options for the primary
database server are not displayed in the tenant
creation wizard. If there are no databases accepting
new tenants and an administrator tries to create a new
tenant, the administrator will see this warning: "No
database servers are configured to accept new tenants.
Please review your database settings before adding a
new tenant" and will not be able to continue with the
wizard.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 60: [DSSEG-1148/SEG-1206, DS-18289]
The default ICRC log level for a Deep Security Agent
on Linux is "debug", which causes the ds_am-icrc.log
file to grow quickly.
Solution 60: Change the default ICRC log level to "warn". For a
fresh agent installation, the default ICRC log level
will be set to "warn" by default. To update an
existing agent on Linux:
1. Upgrade the Deep Security Manager to the build
that contains the fix.
2. On the Deep Security Manager computer, open a
windows command prompt, go to the Deep Security
Manager root folder, and run this command:
dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value true
3. Upgrade the Deep Security Agent to the build that
contains the fix.
4. After the agents are upgraded and the default ICRC
log level has been corrected, we recommend that you
turn off the key. To do this, go to the Deep
Security Manager computer, open a windows command
prompt, go to the Deep Security Manager root
folder and run this command:
dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value false
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 61: [DSSEG-1646]
In Event-Based Tasks, adding a "*" character to the
beginning of the regular expression to match ALL
parent folders was not working as expected.
Solution 61: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 62: [DSSEG-1931]
Deep Security Manager encountered high memory usage when
performing recommendation scans for computers that
install large amounts of software.
Solution 62: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 63: [DSSEG-1611/SEG-15581/SF00592192/DS-19140]
Duplicate computers sometimes appeared under the same
Active Directory. The duplicate computers could not be
removed after an Active Directory synchronization.
Solution 63: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 64: [DSSEG-1549/DS-17376]
If a scheduled malware scan was triggered while a manual
malware scan was already running, a manager job was
created for the scheduled scan, which was not necessary.
Solution 64: If a scheduled malware scan is triggered while a manual
malware scan is already running, the scheduled malware
scan will be skipped.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 65: [DSSEG-1516/SEG-7200/DS-17323]
When a large number of host groups were added to Deep
Security Manager, the loading speed of the Computers page
became very slow.
Solution 65: An algorithm has been improved to increase the page
loading speed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 66: [DS-16690]
When using advanced threat detection (machine learning),
the folder scan exclusion setting did not support the use
of the wildcard (*) character.
Solution 66: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 67: [DS-17542]
The heartbeat processing thread and job creation thread
would sometimes block each other when one of them got
stuck while acquiring a tenant host usage lock. This
caused the Deep Security Manager system to become
unresponsive.
Solution 67: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 68: [DS-14221]
If you enabled anti-malware and application control in a
policy and applied it to a pre-10.1 Deep Security Agent
on Windows, then upgraded the agent to 10.1 or later,
it sometimes displayed the status "Software Update:
Anti-Malware Windows Platform Update Failed". This
error was due to a timing issue and could be ignored
because the anti-malware component upgrade was successful.
Solution 68: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 69: [DS-13686/DS-9791]
When using application control, if you created a golden
image, updated it with required patches, created a shared
ruleset, and then applied that shared ruleset to other
computers, when you installed those same patches on the
other computer, they were allowed to execute because
they were in the shared ruleset. However, the patch
updates appeared on the Software Changes page. To avoid
this, we recommended setting application control to
maintenance mode when applying patches.
Solution 69: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 70: [DS-13419]
When using application control for Windows computers,
if you selected "Block unrecognized software until it
is explicitly allowed", you had to enable maintenance
mode before updating the computer's operating system.
This included when performing an "update and restart"
action on a computer running Windows. Failure to do this
could break the computer because application control would
block execution of updated files in the OS until you
created the allow rules. Depending on which OS file was
updated, this could require the use of an OS recovery
mode or external tool to recover from the misconfiguration.
Solution 70: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 71: [DS-10369]
On Windows Server 2016, Windows Defender is turned on
by default and cannot be turned off automatically by
other anti-malware software registering to
Windows Security Center which. There could be performance
issues if the anti-malware feature was turned on
when Windows Defender was enabled.
Solution 71: As a workaround, Deep Security Agent will disable
Windows Defender from group policies before installing
the anti-malware feature. Until Microsoft has a further
solution addressing this issue, re-enable Windows
Defender manually if you want to uninstall Deep Security
Agent and use Windows Defender instead.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 72: [DSSEG-1911/SEG-21111]
Deep Security Manager did not prevent the creation of a
policy that contained certain exceptions, which allowed
an incomplete policy to be sent to agents.
Solution 72: This issue is fixed in this release
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 73: [DSSEG-1910]
Deep Security Manager encountered high memory usage
when performing recommendation scans for computers that
install large amount of software.
Solution 73: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 74: [DSSEG-1840/SF00670579/SEG-20155]
When using an Oracle Database with Deep Security Manager,
host groups sometimes did not display correctly in the
Deep Security Manager console.
Solution 74: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 75: [DSSEG-1745]
When Deep Security Manager sent Web Reputation events
to Trend Micro Control Manager, the time information
for the events was incorrect.
Solution 75: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 76: [DSSEG-1591/SEG-7200]
When the ""Computers"" page in Deep Security Manager
contained many host groups, the computer editor
(displayed when you double-click a host) would load
very slowly.
Solution 76: The computer editor now will load more quickly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 77: [DSSEG-1941/SEG-21111]
When a database error was encountered while upgrading
the schema for a T0 (primary tenant) database, the
installer would continue the installation process.
This issue could cause the software and database to have
different schema versions.
Solution 77: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 78: [DSSEG-1938]
When multi-tenancy was not enabled, users who were
assigned the ""Full Access"" role would see some screens
related to multi-tenancy.
Solution 78: This issue is fixed in this release. Screens related
to multi-tenancy are displayed only in a multi-tenant
environment.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 79: [DSSEG-1913/SEG-20404]
When Deep Security Manager was running in single-tenant
mode, the Deep Security Agent did not send events to
the syslog server directly.
Solution 79: If you have not encountered this issue in your Deep
Security deployment, this release can prevent it. If
the issue is occuring in your environment, apply this
release and then execute the following command on the
Deep Security Manager computer:
dsm_c -action changesetting -name ""settings.configuration.forceT0SyslogSettings"" -value true
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 80: [DSSEG-1805]
The event "Intrusion Prevention Rule Compilation
Failed" appears when Deep Security Agent tries to
compile intrusion prevention rules but fails. In
previous releases, the warning message was not
dismissed when the agent successfully compiled the
rules on a subsequent attempt.
Solution 80: The warning message is now dismissed automatically.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 81: [DSSEG-1705/603349/SEG-16030]
Deleting inactive AWS hosts in an environment with a
heavy concurrent cloud sync load caused database
transaction deadlocks and prevented other operations
from saving changes to the database.
Solution 81: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 82: [DSSEG-2096]
When Deep Security was operating in combined mode,
recommendation scans did not generate and apply
integrity monitoring rules to the virtual appliance.
Solution 82: This issue is fixed in this release
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 83: [DSSEG-1588]
During vMotion, Deep Security Manager would display
"Firewall Engine Offline" and "Intrusion Prevention
Engine Offline" events, but there would not be a
corresponding event when the vMotion was completed
and the engine was back online.
Solution 83: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 84: [DSSEG-2123/SF00768090/SEG-24724]
Some system events were not registered in the Deep
Security Manager system event cache. As a result, if
the time period for a summary report included one of
those events, the report process could not find the
event in the cache, causing a null pointer exception.
Solution 84: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3. Documentation Set
========================================================================
In addition to this readme.txt, the documentation set for this product
includes the following:
- The Deep Security Help Center is available at:
https://help.deepsecurity.trendmicro.com/11_0/on-premise/Welcome.html
and includes:
-- product overview, deployment plan, installation steps
and basic information intended to help you smoothly deploy
Deep Security.
-- post-installation instructions on how to configure the
settings to help you get Deep Security "up and running".
Also includes instructions on performing other administrative
tasks for the day-to-day maintenance of Deep Security.
- You can easily search the Help Center content or get
context-sensitive help from your Deep Security Manager.
- Knowledge Base -- a searchable database of known issues,
including specific problem-solving and troubleshooting topics.
http://esupport.trendmicro.com
4. System Requirements
========================================================================
For a complete list of the system requirements, please refer to the
Deep Security Help Center:
https://help.deepsecurity.trendmicro.com/11_0/on-premise/Get-Started/Install/system-requirements.html
5. Installation
========================================================================
Refer to the "Get Started" section of the Deep Security Help Center:
https://help.deepsecurity.trendmicro.com/11_0/on-premise/install-deep-security.html
6. Known Incompatibilities
========================================================================
For a full list of compatible agents please see
https://help.deepsecurity.trendmicro.com/11_0/on-premise/Manage-Components/Software-Updates/compatibility.html
- When adding vCloud in this version of Deep Security, it must be
added only to the tenants. Adding vCloud to the primary
tenant is not supported.
7. Known Issues in Deep Security Manager 11.0
========================================================================
- If you are using a VMware NSX for vShield Endpoint or a Standard
license of NSX, the "NSX Security Group Change" event-based task in
Deep Security will not be triggered until Deep Security is manually
synchronized with the vCenter/NSX Manager. For example, when a
computer is moved from an unprotected security group to a protected
security group, the protection will not be triggered automatically
until the next manual NSX synchronization. (DS-8864)
- When performing a silent install of Deep Security Manager on
Red Hat Enterprise Linux, the install may fail if you have installed
Java via Yum, due to a missing font. To work around this issue,
add a /etc/fonts/local.conf file with this content:
serif
Utopia
sans-serif
Utopia
monospace
Utopia
dialog
Utopia
dialoginput
Utopia
"
(DS-15872)
- If you activate a Deep Security Agent on an AWS WorkSpace and apply
a policy that uses the default firewall rules, the workspace will
become "unhealthy". You must alter the policy to allow access to
the ports required by WorkSpaces. (DS-17460)
- There is an issue when a virtual machine (VM) is protected
agentlessly by a Deep Security Virtual Appliance and the VM is
moved (using vMotion) from ESX A to ESX B, where both ESX A and
ESX B have an appliance installed. In that scenario, the source
appliance stores some temporary data to a relay and the target
appliance downloads the package from the relay. However, if the
relay is disabled, deleted, or deactivated, the target appliance
is not able to download the package and it could fail to restore
some data (such as the integrity monitoring baseline) on the
target appliance. (DS-18684)
- In a multi-tenant environment, the primary tenant (t0) can share
its default relay group with other tenants (tn), and the tenants
(tn) can choose to use the t0's default relay group or its own
relays.
If a tn enables relays in its own default relay group but
then changes their settings to use the t0's default relay group,
the tn user will not be able to see their own relays on the Relay
Management page in Deep Security Manager.
To see those relays again, the tn can use this procedure:
1. Stop using the t0's default relay group.
2. The tn's own relays will appear again on the Relay Management
page. Move those relays to another group (something other than
the default relay group).
3. Start using the t0's default relay group again. The tn will be
able to see their relays in the group used in step 2.
(DS-18687)
- Disabling the relay feature on a Windows 10 agent can sometimes
take more than ten minutes to complete. (DS-18685)
- The new Relay Management page does not allow users to add or
modify relay group descriptions. (DS-15947)
- When an agent with relay functionality is in the "Enabling" or
"Disabling" state, the operation cannot be canceled. If the
operation hangs in either of these states, the agent with the
relay functionality needs to be deactivated and then reactivated.
(DS-16407)
- If you are using application control with a global ruleset and
want to delete multiple hash values from the ruleset, you must
delete them one by one.
(DS-17474)
- After upgrading to Deep Security Agent 11.0, the Security Update
Status for the agent may change from "Up-to-Date" to "Out-of-Date"
due to a synchronization issue with the Trend Micro Active Update
Server. To fix this, trigger a security update for the agent.
(DS-16996)
- During a graceful Deep Security Manager node shutdown, if the node
is for NSX communication, the next Manager node will be assigned as
NSX communication node regardless of node status, even the node is
offline. (DS-16854)
- Due to a known issue with the VMWare EPSec API, an advanced threat
detection (machine learning) query will be initiated again when
deleting files and moving them to the recycle bin. This make the
deleting process slower. This only happens for soft-deletes (moving
the files to the recycle bin). If a user chooses to delete the
files from hard disk directly (hard-delete), the issue will not
happen. (DS-14032)
- When using a Deep Security Virtual Appliance deployed in an NSX
environment, after turning on a protection module and applying a
rule to a protected VM, then when switching between protection
module tabs in Deep Security Manager, the status may display "Not
Activated" for a brief time before correctly displaying the correct
state (for example, "On, 1 rule"). (DS-12380)
- You must import software patch packages (in the form of .dsp files)
before deploying the Deep Security Virtual Appliance or upgrading
it to a newer version. If you see "Event 710 (.dsp xxx patch
package is not found)" in the Deep Security Manager system events,
it indicates that the patch package for the appliance has not been
imported yet. To resolve this event, go to the Deep Security
software download page
(https://help.deepsecurity.trendmicro.com/software.html) and import
the patch package. (DS-16981)
- In rare circumstances, anti-malware could go offline after the
Deep Security Agent finishes upgrading. When you check the Windows
Application events log, it will show that
Microsoft-Windows-RestartManager has stopped the Anti-Malware
Solution Platform (AMSP) and Trend Micro Solution Platform service,
and the service will need to be restarted. See
https://success.trendmicro.com/solution/1117465 for more details.
(DS-11331)
- Application control build inventory, which happens after enabling
application control, will take longer to finish on Windows Server
2008 R2 compared to other supported platforms. (DS-13120)
- Application control is not compatible with Windows Defender.
Running both can result in severe performance impacts. However, if
both application control and anti-malware are enabled, then Deep
Security will automatically disable Windows Defender for normal
operation. (DS-12890)
- Application control build inventory, which happens after enabling
application control, will be slower when TiWorker.exe is running.
TiWorker.exe is the Windows Modules Installer Worker, which is used
when performing Windows updates. (DS-14313)
- When application control is configured to "Block unrecognized
software until it is explicitly allowed", you will not be able to
upgrade or uninstall the Deep Security Agent on that computer.
To unblock the procedure, enable maintenance mode. (DS-14369)
- AWS instance types have different throughputs and computing
resources. Shared ruleset creation time can vary widely depending
on the instance type and may take an hour or longer on m3.medium
and smaller instances. (DS-13747)
- In environments with Integrity Monitoring enabled and a large
number of computers, the database may experience high CPU. This
applies to Microsoft SQL Server databases. To resolve the issue
maintenance on the 'entitys' table should be done using the
'EXEC sp_updatestats' command. (DS-10471)
- Upgrading to Deep Security 11.0 with an Oracle 12c Database is
not supported in a multi-tenant deployment. (DS-8139)
- Using Windows 10 Edge as your browser for DSM may show certificate
errors. Microsoft Edge is a web browser included in Windows
10/2016 operation systems. Unlike IE, the Edge browser does not
have a configuration option for Trusted Sites which allows the
user to add websites (e.g. the DSM URL). However, administrators
can still add the DSM URL to the list of trusted sites from the
Control Panel (Control Panel > Network and Internet >
Internet Options > select Security). (DS-4618)
- Online Help Search does not support special characters such
as "!", "#" and "%". (DS-6453)
- A "Refresh" notification appears on the UI after undoing an action
in Application Control. (DS-10151)
- Using a Safari browser, the filter search option in Application
Control under the ACTIONS tab only works one time, then you need to
flip to another tab and back to do another search. On Chrome,
Firefox and IE11 it works every time. (DS-7844)
- In Application Control, the drift number and button for "ALLOW ALL"
or "BLOCK ALL" on the Action tab won't reflect the last executed
state after user switches to any other page. The information
displayed on the Action tab page will depend on how many
unrecognized software items are being allowed or blocked by the
current action, and if the number of items is very large then the
page will take longer to be updated. (DS-10294)
- In the Application Control > Actions tab page, it takes longer than
expected to display the first drift card, and if there is a huge
amount of drift, the performance is affected. (DS-9808)
- When using Application Control, if the existing rule set is large,
it can take several minutes to enforce the action on the Agent
protecting the computer. (DS-9464)
- Anti-malware endpoint correlation on Windows does not generate
hash values.
When anti-malware File Hash Calculation is enabled, the following
cases may still not generate related hash values:
1. Multiple Spyware detections
2. Trojan detections with multiple files cleaned
3. Endpoint Correlation detection
4. Windows XP SP2 doesn't natively support SHA256 and no
SHA256 value will be generated
5. Anti-exploit may calculate the hash values of victim file
instead of malware file
Note: the Anti-exploit detection often is a victim file instead
of a malware file; the hash values of the victim must be
carefully used. (DS-9573)
- When using Trend Micro Control Manager (TMCM) with a locally
installed Smart Protection Server (SPS) for the Connected
Threat Defense feature, Deep Security (DS) will not only
take the action according to Deep Security Web Reputation
features (Security Level /score) but also take action
according to Control Manager/Smart Protection Server (Log
or Block for a URL). However, DS blocking page and events
still show the risk information instead of specific
action/reason or category information for this.
For example:
1. Some pages rated/shown with Suspicious Risk Level are
blocked when user setting of Web Reputation Security Level
is Medium, to block Dangerous and Highly Suspicious pages
2. Some Web Reputation events are log events instead of block
events and the user can't tell which is log event in DSM Web
Reputation event pages. To clearly know this information,
the user needs to login to TMCM to view the web reputation
events with action/reason information. (DS-3947)
- When using TMCM 6.0 SP3, a user-defined Suspicious Object doesn't
have a filterCRC value and therefore Deep Security cannot
detect/block this type of file. (DS-768)
- When using Connected Threat Defense, sometimes, the "Submission
Status" field of Identified files may become "Report
Unavailable" because DS can't get the analysis result
from Deep Discovery Analyzer for the submission over one day.
DS will no longer wait for the result of this submission and the
user will have to choose the identified file (event) and button
to submit the file to Deep Discovery Analyzer manually. Then,
DSM will submit the file, reset the submission date, and
wait/retrieve for DDAn analysis result again. (DS-98)
- When using a Policy with SAP turned on, if the SAP license has
expired, although it may appear on the DSM UI as though the SAP
Policy is still On, the policy sent to Agents will have SAP off.
SAP will not run on an Agent with an expired license. (DS-4534)
- With the SAP module enabled and Netweaver running on the same
host, when a realtime scan detects a malicious file it will be
reported twice. To prevent this, users should add the Netweaver
GUI process path e.g. "C:\Program Files
(x86)\SAP\FrontEnd\SAPgui\saplogon.exe" to their AM realtime scan
exclusion list. (DS-6615)
- When a user disables the scanner functionality and
then enables the Relay after assigning a Scanner "On" policy to
this Relay-enabled Agent, then deactivating and reactivating the
Agent, on the Computer details page there will be a delay in
display showing scanner icon and information first, then change
to relay icon and information. (DS-4988)
- When using Deep Security Scanner (SAP for Windows) to successfully
scan and block MIME types for graphics files such as jpg, bmp and
gif on the SAP WinGUI, administrators should enable the
configuration parameter SCANBESTEFFORT. (DS-2499)
- When using Deep Security Scanner (SAP for Windows), when a file
extension does not match the MIME Type of file itself, the scan
for virus will take some time, and the Rule Violation error will
not appear shortly. (DS-2484)
- When using Deep Security Scanner (SAP for Windows) and the block
MIME Type is set to application/zip on the SAP WinGUI, the scan
will proceed but will not block the .zip file immediately and
will take some time to return the result if the .zip file is
large. (DS-2470)
- When using Deep Security Scanner (SAP for Windows), if the file
to be scanned exceeds the DSM scan size limitation then instead
of an "Extracted file size exceeded the limit" error, a
"Skip file error" result will be returned. (DS-2002)
- When using Deep Security Scanner (SAP for Windows), there is a
difference in compressed files scan behavior between .zip and
.sar file types. If the file to be scanned is a .sar file and the
scanned file, when extracted, is larger than the Scan Limit
configured on the DSM, then the scan will be skipped. For .zip
files, the scan will be completed as long as the scanned file,
when extracted is smaller than the Extract size configured through
the SAP profile (DS-1126)
- When using Anti-Malware with containers there is currently no
ability to specify paths within containers when defining policy for
inclusion / exclusion lists. (DS-11086/DS-16030)
- Users should take care when manually adding a zip file to
Administration > Software > Local. If the original filename is not
maintained (as on the Download Center) it will not deploy correctly
to Agents. For example downloading a second copy of an Agent file
can result in a file named something like this:
Agent-amzn1-11.0.2-7690.i386 (1).zip. (DS-11078)
- When a virtual machine is added through vCloud connector, after
vMotion from unprotected ESXi host to a protected ESXi host, the
virtual machine will not go from Agent-only protection to combined
mode. (DS-557)
- When a virtual machine is added through vCloud connector, after
vMotion from a protected ESXi host to an unprotected ESXi host,
the virtual machine will not go from combined mode to Agent-only
protection. (DS-558)
- In an Agentless environment with a GuestVM Windows Server 2008
R2 64-bit protected by a DSVA, the SAP Configuration page will
display "Platform not supported." (DS-4987)
- If DSVA is configured in Agent-Initiated mode, user cannot
successfully activate the guest agents via DSM's web UI. A
"Protocol error" is shown in the web UI. The best practice for
deploying DSVA is bi-directional mode. (DS-9924)
- Some platforms (e.g. Linux) do not distinguish network interfaces
at the packet level, when they are connected to the same network.
When enabling "Policy -> Interface Types -> Rules can apply to
specific interfaces" on these platforms, firewall policies that
attempt to distinguish between network interfaces connected to the
same network will result in only one of the policies being applied.
[29543]
- The Trusted Platform Module (TPM) monitoring does not work on
vSphere 6 environment. When enabled, the event "The vCenter sent
empty or unreliable TPM information that has been ignored. This is
only an issue if the problem persists" will appear. In rare
circumstances, the value may also be unreliable on vSphere 5.5
environment. VMware is already investigating this issue.
[29268/27166]
- When doing vMotion of many simultaneous VMs, some of the VMs may
appear as Anti-Malware Engine Offline after it moves to the new
host. This occurred because the DSM checked the status of the VMs
during heartbeat before the vMotion is finished. Doing another
check status or waiting for the next heartbeat will fix the status.
[28825]
- If vMotion occurs while Anti-Malware scan is happening, there is a
possibility that the scan will not continue after moving from one
Agentless protected host to another. If you see an event saying
"Manual Malware Scan Failure" or if you see a "Manual Malware Scan
Started" without a corresponding "Manual Malware Scan Completed",
then this means that the scan has stopped and did not finish.
[28059]
- During the upgrade process after removing the Filter Driver, Deep
Security Manager will display "Intrusion Prevention Engine Offline
and Firewall Engine Offline" regardless of policy until the Deep
Security Virtual Appliance is upgraded.[28992]
- If the Deep Security Relay is down during deployment of Deep
Security Virtual Appliance, it will fail to upgrade
and will cause the vShield Endpoint to not register. Even after the
Deep Security Virtual Appliance upgrade becomes successful, the
vShield Endpoint will remain in a Not Registered state.
Reactivating the Deep Security Virtual Appliance will resolve this
issue. [28712]
- If agentless Anti-Malware real-time protection is turned off, the
notifier will not get any status updates from the appliance. It
will then turn off Antivirus protection in the Windows Action
Center. [29230/29574]
- When you deactivate the Deep Security Virtual Appliance or
agentless protection, the notifier will not be able to get any
status from the Deep Security Virtual Appliance. The notifier
knows that Anti-Malware is not working so it will turn it off in
the Windows Action Center. It does not know the status of the
firewall so it will leave the firewall status in the Windows
Action center in its last known state. [29230/29574]
- The CPU Usage (Agent only) setting under Manual and Scheduled Scan
Configuration in the Deep Security Manager console is not working
on SUSE 10 SP3 and SP4. [20717]
- Agentless protection is not supported in ESX 5.1 with NSX.
ESX 5.5, vCenter 5.5 and NSX Manager 6.0.5 are the minimum
requirements for agentless protection. [22062]
- Excluding a folder in Anti-Malware agentless protection would also
exclude folders that starts with the same folder name. For example,
excluding c:\temp also excludes c:\temp1 and c:\temp2 from
Anti-Malware scanning. [22037]
- Anti-Malware, Web Reputation, Integrity Monitoring, and Log
Inspection should not be enabled on the policy that is assigned to
the Deep Security Virtual Appliance itself. These features are not
supported when applied to the Deep Security Virtual Appliance and
may produce error events. [21250]
- It can take up to 30 minutes before the appliance is ready for
deployment through NSX Manager after importing the Deep Security
Virtual Appliance package to the DSM. Deploying the appliance
before the package is in place at \temp
would result in failure. [23150]
- The Deep Security Manager will display the platform of CentOS
machines as Red Hat. This is because the agent package used in
CentOS and Red Hat are the same and labeled as Red Hat agent
package.
[21674/25156]
- Location awareness will not work on pure IPv6 environment. [12776]
- Infected file will still appear in Quarantined Files list even if
the Anti-Malware Event says Quarantine Failed. [21620]
- In the computer updates page, Deep Security Manager will show
Smart Scan Agent Pattern, Spyware Active Monitoring Pattern, and
Virus pattern in Deep Security Agent for Linux regardless of the
scan mode.
[21829]
- Software update using IPv6 is currently not supported by Trend
Micro download center. [25937]
- After Deep Security Agent upgrade, the event "Abnormal Restart
Detected" may appear. The upgrade is not affected by this event and
may be safely ignored. Do Clear Warnings and Errors and perform a
Check Status to reflect the actual status of the agent. [26619]
- The Out of Sync relays hyperlink displays the correct count but
clicking the link will display both out of date computers and
relays. [23418/21042]
- Deep Security Manager does not support installation paths that
contain special characters (non-alphabet and non-numeric
characters). The same restriction also applies to the database
name and/or database account used by Deep Security Manager.
[16708]
- When a user runs Agent-initiated recommendation scan using the
"dsa_control -m RecommendationScan:true" command, no system event
related to recommendation scan is recorded.
- In Multi-Tenant installations, the Primary tenant Deep Security
Manager may cause "Reconnaissance Detected: Network or Port Scan"
alerts on Tenants' Deep Security Managers. To avoid these alerts,
Tenants can manually add the Primary Tenant's Deep Security
Manager IP address to the "Ignore Reconnaissance" IP list.
(Policies > Common Objects > Lists > IP Lists). [17175]
- In rare cases, adding a vCloud or AWS Cloud Account in Deep
Security Manager can result in the creation of two identical
Cloud Accounts. If this occurs, either one of the two accounts
can be safely removed. [17280/17051]
- In a cloud provider environment if the "Enable regular
synchronization with Cloud Provider" option is disabled, changing
the Deep Security Agent hostname will disrupt the communication
between Deep Security Manager and Deep Security Agent. Trend Micro
strongly recommends keeping the "Enable regular synchronization
with Cloud Provider" option ON. [15608]
- If the Manager node(s) and the Database are installed on machines
with synchronized clocks but configured for different time-zones,
an error indicating that the clocks are not synchronized will be
triggered incorrectly. [17100]
- On Windows Server 2008 and Windows Server 2012 systems, after
installing the Deep Security Manager with a co-located Relay,
the Deep Security Notifier icon does not automatically appear in
the Windows notification area. However, the Deep Security Notifier
will still function. Users need to re-launch the Deep Security
Notifier from the "Start" menu or restart the system. [17533]
- When using Deep Security in iCRC mode, a DNS server must be
available. If a DNS server is unavailable the Anti-Malware
feature of the Deep Security Virtual Appliance may not function
correctly. [Deep Security 8.0-01169]
- Deep Security Manager does not support License updates or
connecting to the Trend Micro Certified Safe Software Service
using a SOCKS5 proxy. To use these two features, use an
HTTP proxy. [Deep Security 8.0-1024]
- In certain cases, when attempting to use the dsm_s stop command
on Linux to stop the Deep Security Manager service, you may get
the following message:
"Timeout. Daemon did not shutdown yet."
Dsm_s is based on install4j whose timeout value is 15 seconds,
which cannot be changed. The Deep Security Manager may require
longer than this to shut down. To ensure the service has been
shut down run the "ps -ef | grep DSMService" command before using
the dsm_s stop command.
[Deep Security 8.0-00095]
- Air-gapped Relays will still try to contact an Update Server
to check for Updates. To avoid update failure alerts, set the
Relay to use itself as an update source:
1. In the Relay's "Details" window, go to "System > System
Settings > Updates".
2. In the "Relays" area, select "Other Update Source:" and
add "https://localhost:4122".
3. Click "Save".
[Deep Security 8.0-01124]
- If an ESXi with an installed vShield Endpoint driver is removed
from its vCenter, Deep Security Manager cannot detect the
installed driver if the ESXi is later re-added to the vf.
This will cause any newly Deep Security Virtual Appliance-
protected virtual machines to not have Anti-Malware enabled.
The workaround is to uninstall and reinstall the driver
through the VSM.
[Deep Security 8.0-01036]
- Intrusion Prevention is not supported over SSL connections
when using IPv6.
- The Anti-Malware scan inclusion/exclusion directory settings are
sensitive to forward slash "/" and backslash "\". For use with
Windows operating systems the inclusion/exclusion paths must use
the backslash "\". [7.5 SP1-00231]
- When creating custom Integrity Monitoring Rules using the
"RegistryKeySet" tag, the attribute values must be in uppercase
letters. For example, .
Using lowercase may result in an "Integrity Monitoring Rule
Compile Issue" error. [7.5 SP1-00171]
- Malware scans of network shared folders are only supported using
real-time scan. Manual scans or scheduled scans will not work.
[7.5-00012]
- Deep Security Manager cannot display an incorrect filename
event in the Anti-Malware Event if the malware was found in
the "Recycle Bin". [7.5-00023]
- During an upgrade, the Deep Security Manager service may not
be able to install properly on some platforms if the
"Services" screen is open. To work around this, make sure
the "Services" screen is closed prior to installation or
upgrade of Deep Security Manager.
- If you receive a "java.lang.OutOfMemoryError" error during the
installation of Deep Security Manager, please refer to the
Help Center for instructions on how to configure the
maximum memory usage for the installer.
- During an upgrade, if you receive a message stating that the
Deep Security Manager cannot start the service, restarting
Deep Security Manager usually fixes the problem. In rare cases,
you may have to run the installer again in Upgrade/Repair mode
after restarting.
- If Windows Firewall is enabled on Deep Security Manager, it
may interfere with port scans causing false port scan results.
Windows Firewall may proxy ports 21, 389, 1002, and 1720
resulting in these ports always appearing open regardless of
any filter placed on the computer.
- By default Exchange 2000 and later servers will dynamically
assign a non-privileged port (1024-65535) for communications
between the client and the server for the System Attendant,
Information Store, and Name Service Provider Interface (NSPI)
services. If you will be using the Microsoft Exchange Server
profile with an Exchange 2000 or later server then you
should configure these services to use static ports as
described in the article "Exchange 2000 and Exchange 2003
static port mappings" (http://support.microsoft.com/?kbid=270836).
Once static ports have been configured you should extend the
appropriate Exchange Server port list to include the ports that
have been assigned to these services.
You may also want to set the "No RFR Service" registry setting
to "1" to prevent the Exchange server from referring clients to
the domain controller for address book information. See the
article "How Outlook 2000 Accesses Active Directory"
(http://support.microsoft.com/?kbid=302914) for more information.
Alternatively, it is possible to configure Exchange RPC to run
over HTTPS if you are using Outlook 2003 on Windows XP
Service Pack 1 or later with Exchange Server 2003. In this case
only port 443 needs to be added to the Exchange port list.
- The "Recommendation" Alert may remain raised on some computers
even after all recommended Intrusion Prevention, Integrity and
Log Inspection Rules appear to have been applied. This can
occur because even though an "Application Type" may be
recommended for a computer, the "Application Type" will not be
displayed in the "Show Recommended" view if no Intrusion
Prevention Rules associated with Application Type are currently
recommended. To resolve the situation, use the "Show All" view
of the Intrusion Prevention Rules screen and assign all
recommended "Application Types" (even if no associated Rules are
currently recommended). Alternatively, you can just dismiss the
alert after verifying that you have assigned all recommended
rules to the computer. [8345]
- When an Appliance-protected VM is migrated from one
Appliance-protected ESXi to another, and if that virtual machine
currently has warnings or errors associated with it (for example
"Reconnaissance Detected"), those errors may incorrectly get
cleared during the migration. [10602]
- Log Inspection Events have a size limitation of 6000 characters.
8. Release History
========================================================================
Deep Security Manager 11.0.221, May 22, 2018
9. Files Included in This Release
========================================================================
This release is a complete installation. Use one of the
following files:
Manager-Linux-11.0.221.x64.sh (64-bit)
Manager-Windows-11.0.221.x64.exe (64-bit)
10. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support
for one (1) year from the date of purchase only. After the first
year, you must renew Maintenance on an annual basis at Trend Micro's
then-current Maintenance fees.
Contact Trend Micro via phone or email, or visit our website
to download evaluation copies of Trend Micro products.
https://www.trendmicro.com/en_us/contact.html
NOTE: This information is subject to change without notice.
11. About Trend Micro
========================================================================
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.
Trend Micro, Deep Security, "deep security solutions", and
the t-ball logo are trademarks of Trend Micro Incorporated and
are registered in some jurisdictions. All other marks are the
trademarks or registered trademarks of their respective companies.
12. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:
https://www.trendmicro.com/en_us/about/legal.html
Third-party licensing agreements can be viewed by selecting the
"About" option in the application user interface.
13. Third-Party Software
========================================================================
Deep Security employs the use of 3rd party binary distributions.
The binary distributions are subject to the licenses available in
the following directory:
[Install Directory]/licenses
Where 3rd party licenses require open access to their source code,
Trend Micro will provide the necessary materials upon written
request.
========================================================================
(C) 2018 Trend Micro Inc. All rights reserved.
Published in Canada.