Trend Micro Incorporated                                  June 18, 2019
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Readme for Trend Micro (TM) Deep Security Virtual Appliance 12.0

Platforms: See
https://help.deepsecurity.trendmicro.com/12_0/on-premise/Get-Started/Install/system-requirements.html#Deep3
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However, all
customers are advised to check Trend Micro's website for documentation
updates.

GM release documentation:
https://help.deepsecurity.trendmicro.com/12_0/on-premise/Welcome.html

Patch/SP release documentation:
https://help.deepsecurity.trendmicro.com/software.html

TIP: Register online with Trend Micro within 30 days of installation to
continue downloading new pattern files and product updates from the
Trend Micro website. Register during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deep Security Virtual Appliance platforms:

Agentless (Windows) Anti-Malware, Firewall, Intrusion Prevention,
Integrity Monitoring, Web Reputation:

  Windows 7 (32-bit, 64-bit)
  Windows Server 2003 (32-bit, 64-bit)
  Windows Server 2008 (32-bit, 64-bit)
  Windows Server 2008 R2 (64-bit)
  Windows 8 (32-bit, 64-bit)
  Windows 8.1 (32-bit, 64-bit)
  Windows Server 2012 (64-bit)
  Windows Server 2012 R2 (64-bit)
  Windows Server 2016 (64-bit)
  Windows Server 2019 (64-bit)
  Windows 10 (32-bit or 64-bit)*

  *See: https://success.trendmicro.com/solution/1119919

Agentless (Linux) Firewall, Intrusion Prevention, Web Reputation:

  Red Hat Enterprise 5 (32-bit and 64-bit)
  Red Hat Enterprise 6 (32-bit and 64-bit)
  Red Hat Enterprise 7 (64-bit)
  Red Hat Enterprise 8 (64-bit)
  CentOS 5 (32-bit and 64-bit)
  CentOS 6 (32-bit and 64-bit)
  CentOS 7 (64-bit)
  Oracle Linux 6 (32-bit and 64-bit)
  Oracle Linux 7 (64-bit)
  SuSE 10 SP4 (32-bit and 64-bit)
  SuSE 11 SP4 (32-bit and 64-bit)
  SuSE 12 SP3 (64-bit)
  SuSE 15 (64-bit)*
  Ubuntu 14.04 LTS (64-bit)
  Ubuntu 16.04 LTS (64-bit)
  Ubuntu 18.04 LTS (64-bit)
  Debian 8 (64-bit)
  Debian 9 (64-bit)

For a list of supported Deep Security features by software platform,
patch distributions and NSX types, see:
https://help.deepsecurity.trendmicro.com/12_0/on-premise/supported-features-by-platform.html

Date: June 18, 2019
Release: 12.0
Build Version: 12.0.0-364
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This product is subject to the terms detailed in the license agreement
and copied to the install directory.

For more information about the Trend Micro suite of Deep Security
products, visit our website at:
https://www.trendmicro.com/en_us/business/products/hybrid-cloud.html

Download the latest version of this readme from the Deep Security Help
Center, Software page:
https://help.deepsecurity.trendmicro.com/software.html

Trend Micro is always seeking to improve its documentation. If you have
questions, comments, or suggestions about this or any Trend Micro
documents, please contact us at docs@trendmicro.com. Your feedback is
always welcome.

Contents
===================================================================
1. About Deep Security 12.0
   1.1 Overview of This Release
   1.2 Who Should Install This Release
   1.3 Upgrade Notice
2. What's New
   2.1 Enhancements
   2.2 Resolved Known Issues
3. Documentation Set
4. System Requirements
5. Installation
6. Known Incompatibilities
7. Known Issues in Deep Security Virtual Appliance 12.0
   7.1 Known Issues from Deep Security Virtual Appliance 9.5
8. Release History
9. Files Included in This Release
10. Contact Information
11. About Trend Micro
12. License Agreement
13. Third Party Software
===================================================================

1. About Deep Security 12.0
========================================================================

1.1 Overview of This Release
=====================================================================

Deep Security 12.0 contains feature enhancements and bug fixes.

For a complete list of the major changes in Deep Security 12.0, see the
"What's New?" page on the Deep Security Help Center:
https://help.deepsecurity.trendmicro.com/12_0/on-premise/whats-new.html

1.2 Who Should Install This Release
=====================================================================

This update to the Deep Security Virtual Appliance protects against new
vulnerabilities in the operating system of the appliance's virtual
machine.

You should install this release if you are currently running Deep
Security 9.6 Service Pack 1 Patch 1, Deep Security 10.0 Update 17, Deep
Security 10.1, Deep Security 10.2, Deep Security 10.3, Deep Security
11.0 Update 7, Deep Security 11.1, Deep Security 11.2, or Deep Security
11.3. All new Deep Security users should install Deep Security 12.0.

1.3 Upgrade Notice
=====================================================================

- If you are using Deep Security Virtual Appliance, check that the
  Appliance (SVM) version is 10.0.0.2888 or greater. Deep Security
  Virtual Appliance 9.5.2.2022 has reached end of support, so those
  appliances must be upgraded to version 10.0.0.2888 or greater.
  For instructions, see:
  https://help.deepsecurity.trendmicro.com/12_0/on-premise/Get-Started/Install/upgrade-dsva.html
  (DS-31904)

- Deep Security Virtual Appliance 12.0.0.264 has better stability and
  consumes less disk space. If you are using Deep Security Manager
  12.0, you should use the Appliance (SVM) version 12.0.0.264 for your
  new deployment. You can also upgrade your existing Appliance (SVM) to
  version 12.0.0.264 for consistency and maintenance.
  For instructions, see:
  https://help.deepsecurity.trendmicro.com/12_0/on-premise/Get-Started/Install/upgrade-dsva.html
  (DS-31904)

- Deep Security Virtual Appliance 12.0 requires RHEL7x64 Deep Security
  Agent packages for upgrade. For information about changes included in
  the agent, refer to the Deep Security Agent (Linux) readme file.

- Deep Security Manager 12.0 does not support a vShield Manager
  environment. You must upgrade a vShield Manager environment to NSX
  before upgrading to DSM 12.0.
  For instructions, see:
  https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.2/nsx_62_upgrade_endpoint.pdf

- Deep Security Manager 12.0 only supports Deep Security Virtual
  Appliance 10.0 or newer.

2. What's New
========================================================================

2.1 Enhancements
=====================================================================

Deep Security Virtual Appliance 12.0 includes these enhancements since
version 11.0:

Enhancement 1: [DS-29845/DS-21254/DS-21484/DS-21339/DS-21893/DS-22067/
               DS-27159/DS-28779/DS-29845/DS-29745]
  VMWare reliability and scalability improvements: The scalability and
  reliability of Deep Security Virtual Appliance has been improved for
  large VMware Horizon VDI environments using VMware's Instant-Clone
  technology. Improvements have been made to address the dynamic
  operations of the VDI guest machines.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 2: [DS-30404/DS-31389]
  Agentless Anti-Malware for NSX-T: Deep Security can perform
  Anti-Malware protection on VMware virtual machines at the hypervisor
  level with VMware NSX-T. For more information, visit Deploy the
  appliance (NSX-T):
  https://help.deepsecurity.trendmicro.com/12_0/on-premise/ig-deploy-nsx-t.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 3: [DS-31345/DS-30642]
  The same appliance can be used to deploy an SVM on both NSX-T and
  NSX-V infrastructures.
  This appliance can also be deployed in a vSphere environment that has
  virtual UEFI or BIOS support.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Enhancement 4: [DS-31345/DS-30642]
  The minimum required disk space for deploying the appliance SVM has
  been reduced. For more information, see:
  https://help.deepsecurity.trendmicro.com/12_0/on-premise/Get-Started/sizing.html#appliance
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2.2 Resolved Known Issues
=====================================================================

This release resolves the following issues that were identified in
previous releases of Deep Security Virtual Appliance:

Issue 1: [DS-30562/DSSEG-3319/SEG-42234/SEG-38673]
  When 'Reactivate unknown agents' was enabled, Deep Security Manager
  was re-activating the embedded agent on the Deep Security Virtual
  Appliance unnecessarily.

Solution 1:
  This release includes new logic for recognizing the agent when
  processing heartbeats from the Deep Security Virtual Appliance, which
  fixes the issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [DS-34175]
  Deep Security Agent running on a Linux computer did not generate
  quarantine events for files with the detection name PACP_XXX.

Solution 2:
  This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [DS-34963]
  A security update was triggered every time a policy was sent to Deep
  Security Virtual Appliance.

Solution 3:
  This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 4: [DS-31487]
  The 'Packet of Guest VM' data was empty in the Deep Security Virtual
  Appliance diagnostic package.

Solution 4:
  This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 5: [DS-33761]
  When the embedded agent package was upgraded automatically after the
  Deep Security Virtual Appliance deployment, the activated guest
  machines' Anti-Malware module was not working.

Solution 5:
  This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. Documentation Set
========================================================================

In addition to this readme.txt, the documentation set for this product
includes the following:

- The Deep Security Help Center is available at:
  https://help.deepsecurity.trendmicro.com/12_0/on-premise/Welcome.html
  and includes:

  -- product overview, deployment plan, installation steps and basic
     information intended to help you smoothly deploy Deep Security.

  -- post-installation instructions on how to configure the settings to
     help you get Deep Security "up and running". Also includes
     instructions on performing other administrative tasks for the
     day-to-day maintenance of Deep Security.

- You can easily search the Help Center content or get
  context-sensitive help from your Deep Security Manager.

- The Knowledge Base is a searchable database of known issues,
  including specific problem-solving and troubleshooting topics.
  http://esupport.trendmicro.com

4. System Requirements
========================================================================

For a complete list of the system requirements, please refer to the
Deep Security Help Center:
https://help.deepsecurity.trendmicro.com/12_0/on-premise/Get-Started/Install/system-requirements.html

5. Installation
========================================================================

- Refer to the "Get Started" section of the Deep Security Help Center:
  https://help.deepsecurity.trendmicro.com/12_0/on-premise/install-deep-security.html

- When a Deep Security Virtual Appliance is deployed in a VMware
  environment that makes use of the VMware Distributed Resource
  Scheduler (DRS), it is important that Deep Security Virtual Appliance
  does not get vMotioned. Deep Security Virtual Appliance must be
  "pinned" to its particular ESXi host.
  You must actively change the DRS settings for all Deep Security
  Virtual Appliances to "Manual" or "Disabled" (recommended) so that
  these will not be vMotioned by the DRS. If a Deep Security Virtual
  Appliance (or any virtual machine) is set to "Disabled", the vCenter
  Server does not migrate that virtual machine or provide migration
  recommendations for it. This is known as "pinning" the virtual
  machine to its registered host and is the recommended course of
  action for Deep Security Virtual Appliances in a DRS environment.

  An alternative is to deploy Deep Security Virtual Appliance onto a
  local store as opposed to a shared store. When Deep Security Virtual
  Appliance is deployed onto a local store it cannot be vMotioned by
  DRS.

  For further information on DRS and pinning virtual machines to a
  specific ESXi, please consult your VMware documentation.

6. Known Incompatibilities
========================================================================

There are no known incompatibilities for this release.

7. Known Issues in Deep Security Virtual Appliance 12.0
========================================================================

- If you deactivate and reactivate a guest Virtual Machine while
  rebuilding a baseline for Integrity Monitoring, the "Inapplicable
  Integrity Monitoring Rule" and "Agent/Appliance Database Error"
  events are sent to Deep Security Manager. (DS-33265)

- When using a Deep Security Virtual Appliance deployed in an NSX
  environment, after you turn on a protection module and apply a rule
  to a protected VM, switching between protection module tabs in Deep
  Security Manager may briefly display the status "Not Activated"
  before displaying the correct state (for example, "On, 1 rule").
  (DS-12380)

- Due to a known issue with the VMWare EPSec API, an advanced threat
  detection (machine learning) query will be initiated again when
  deleting files and moving them to the recycle bin. This makes the
  deletion process slower.
  This only happens for soft-deletes (moving the files to the recycle
  bin). If a user chooses to delete the files from hard disk directly
  (hard-delete), the issue will not happen. (DS-14032)

7.1 Known Issues from Deep Security Virtual Appliance 9.5
=====================================================================

- In an NSX environment, the Deep Security Virtual Appliance should be
  uninstalled prior to moving the ESXi host to a different cluster.
  NSX 6.2 and later will uninstall the appliance automatically when
  moving a host from cluster A to cluster B. [23192/23193]

- Anti-Malware, Web Reputation, Integrity Monitoring, and Log
  Inspection should not be enabled on the policy that is assigned to
  the Deep Security Virtual Appliance itself. These features are not
  supported when applied to the Deep Security Virtual Appliance and may
  produce error events. [21250]

- The NSX (network visualization components on vSphere hosts), VMware
  endpoint and Trend Micro Deep Security service cannot install and
  deploy successfully when a new host is added to the same cluster. As
  a workaround, join the new host to the dvSwitch before adding it to
  the cluster. [22211]

- After Deep Security Virtual Appliance deployment, creating Trend
  Micro Service in VMware vSphere may produce the error "Cannot
  complete the operation". This happens when Deep Security Virtual
  Appliance has just started and some services are not yet running. As
  a workaround, try the operation again at a later time.

- VMWare NSX may not automatically apply the VMWare NSX Security Policy
  to new VMs, cloned VMs or VMs that are moved to a protected port
  group. If you notice that the Deep Security Virtual Appliance is not
  providing protection under the above-mentioned conditions, go into
  vSphere Web Client, edit the Service Composer -> Security Group ->
  Trend VM Security Group, make no changes, and simply hit finished.
  This will trigger NSX to reapply the VMWare NSX Security Policy to
  the proper VMs.
  [24039]

- In an NSX environment, assigning an IPv6 address to the Deep Security
  Virtual Appliance using an IPv6 pool is not supported.
  [DS-16898, 21695]

- In an NSX environment, Layer 2 packets are not passed to the Deep
  Security Virtual Appliance and are therefore bypassed (e.g. ARP).
  [23471]

- It can take up to 30 minutes before the appliance is ready for
  deployment through NSX Manager after importing the Deep Security
  Virtual Appliance package to the DSM. Deploying the appliance before
  the package is in place at \temp would result in failure. [23150]

- In an NSX environment, when deploying the Deep Security Virtual
  Appliance, the error "Unable to access agent OVF package file at
  https:/appliance/NSX/system.vmdk" may sometimes appear, indicating
  that the user canceled the task. Retry the installation when this
  happens. [23305]

- When using Firewall and IPS Rule Schedules, the rule takes effect in
  the DSVA's time zone, which is configured as UTC in 9.5. [23660]

- In an NSX environment, when several agentless protected guest virtual
  machines are vMotioned simultaneously, some VMs will be reactivated
  after vMotion. [23500]

- NSX Manager shows the "Trend Micro Deep Security" installation status
  as failed on an existing cluster when the deployment URL has been
  changed. When this happens, do not click the "Resolve" button because
  it will try to upgrade the existing master appliance, which will
  result in the appliance being redeployed. As a result, the VMs that
  are activated will no longer be activated. The recommendation is to
  host the appliance dsva.ovf on an external web server and not to
  change the URL of the appliance after it has been deployed. [23994]

- If Deep Security Virtual Appliance does not have enough disk space
  for an upgrade, it does not clear up disk space or warn users before
  running the upgrade. As a result, the upgrade fails and triggers
  error messages from vCenter and Deep Security Manager.

- In some cases, if you deploy Deep Security Virtual Appliance and you
  select to use a static IP address, the default DNS domain will be set
  incorrectly. To resolve this, log on to the Deep Security Virtual
  Appliance console command line and run "vi /etc/resolv.conf". Ensure
  the values for search and nameserver are correct for your
  environment. [Deep Security 8.0 Tier 2-00184]

- SYN Flood protection is only supported on Windows Agent versions 7.5
  or older and on Virtual Appliance versions 7.5 or older. It is not
  supported on Windows Agent or Virtual Appliance versions 7.5 Service
  Pack 1 or higher. It is not supported on any version of the Linux or
  Solaris Agents.

- On some Windows platforms, when downloading malware using Microsoft
  Internet Explorer(TM), the download process window closes upon
  detection. The file will still be detected and cleaned even though no
  error or warning was given. [00619]

- The quarantine action may fail if the maximum quarantine size is set
  too high. The default size is 32 MB. It is recommended not to set the
  limit higher than 200 MB.

- If your ESXi or Deep Security Virtual Appliance are in a different
  domain than your Deep Security Manager, they may have problems
  connecting to Deep Security Manager. Renaming your Deep Security
  Manager to use the fully qualified name fixes this, for example,
  "manager.hq.local". For information on how to rename your Deep
  Security Manager hostname, refer to the documentation.

- For any images you have on your ESXi machine, ensure you have the
  latest VMware Tools installed.

- Deep Security Virtual Appliance cannot perform Log Inspection, which
  means users cannot assign Log Inspection Rules to machines without an
  in-guest Deep Security Agent.

8. Release History
========================================================================

DSVA 12.0.0-364, June 18, 2019

9. Files Included in This Release
========================================================================

This release is a complete installation. Use one of the following
files:

  Appliance-ESX-12.0.0-364.x86_64.zip

10. Contact Information
========================================================================

A license to Trend Micro software usually includes the right to product
updates, pattern file updates, and basic technical support for one (1)
year from the date of purchase only. After the first year, you must
renew Maintenance on an annual basis at Trend Micro's then-current
Maintenance fees.

Contact Trend Micro via phone or email, or visit our website to
download evaluation copies of Trend Micro products.
https://www.trendmicro.com/en_us/contact.html

NOTE: This information is subject to change without notice.

11. About Trend Micro
========================================================================

Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Trend Micro, Deep Security, "deep security solutions", and the t-ball
logo are trademarks of Trend Micro Incorporated and are registered in
some jurisdictions. All other marks are the trademarks or registered
trademarks of their respective companies.

12. License Agreement
========================================================================

View information about your license agreement with Trend Micro at:
https://www.trendmicro.com/en_us/about/legal.html

Third-party licensing agreements can be viewed by selecting the "About"
option in the application user interface.

13. Third Party Software
========================================================================

Deep Security employs the use of 3rd party binary distributions.
The binary distributions are subject to the licenses available in the
following directory:

  [Install Directory]\licenses

Where 3rd party licenses require open access to their source code,
Trend Micro will provide the necessary materials upon written request.

========================================================================
(C) 2019 Trend Micro Inc. All rights reserved. Published in Canada.