Trend Micro Incorporated                                   June 18, 2019
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Readme for Trend Micro (TM) Deep Security Agent 12.0 for Unix
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However,
all customers are advised to check Trend Micro's website for
documentation updates.

GM release documentation:
https://help.deepsecurity.trendmicro.com/12_0/on-premise/Welcome.html

Patch/SP release documentation:
https://help.deepsecurity.trendmicro.com/software.html

TIP: Register online with Trend Micro within 30 days of installation to
continue downloading new pattern files and product updates from the
Trend Micro website. Register during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deep Security Agent Platforms:
  - Solaris 10 Updates 4-10 (64-bit, SPARC or x86)
  - Solaris 10 Update 11 (1/13) (64-bit, SPARC or x86)
  - Solaris 11.0 (1111), 11.1 (64-bit, SPARC or x86)
  - Solaris 11.2, 11.3 (64-bit, SPARC or x86)
  - Solaris 11.4 (64-bit, SPARC or x86)

Date:          June 18, 2019
Release:       12.0
Build Version: 12.0.0-364
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This product is subject to the terms detailed in the license agreement
and copied to the install directory.

For more information about the Trend Micro suite of Deep Security
products, visit our website at:
https://www.trendmicro.com/en_us/business/products/hybrid-cloud.html

Download the latest version of this readme from the Deep Security page
at the Trend Micro Download Center website:
https://help.deepsecurity.trendmicro.com/software.html

Trend Micro is always seeking to improve its documentation. If you have
questions, comments, or suggestions about this or any Trend Micro
documents, please contact us at docs@trendmicro.com. Your feedback is
always welcome.

Contents
===================================================================
   1. About Deep Security 12.0
      1.1 Overview of This Release
      1.2 Who Should Install This Release
   2. What's New
      2.1 Enhancements
      2.2 Resolved Known Issues
   3. Documentation Set
   4. System Requirements
   5. Installation
   6. Known Incompatibilities
   7. Known Issues
   8. Release History
   9. Files Included in This Release
   10. Contact Information
   11. About Trend Micro
   12. License Agreement
   13. Third-Party Software
===================================================================


1. About Deep Security 12.0
========================================================================

   1.1 Overview of This Release
   =====================================================================
   Deep Security Agent 12.0 contains no feature enhancements but
   includes some bug fixes.

   For a list of the major changes in Deep Security 12.0, please see
   the "What's New" article on the Deep Security Help Center:
   https://help.deepsecurity.trendmicro.com/12_0/on-premise/whats-new.html

   1.2 Who Should Install This Release
   =====================================================================
   You should install Deep Security Agent 12.0 if you are currently
   running Deep Security Agent 9.0, 10.0 or 11.0.


2. What's New
========================================================================

   2.1 Enhancements
   =====================================================================
   There are no enhancements included in this release.

   2.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issues:

   Issue 1:     [DS-30145/SEG-39670]
                An Integrity Monitoring rule could be triggered
                unintentionally when the prefix of its base directory
                path matched that of another rule. For example, if you
                had rules that monitored "c:\lab\" and "c:\lab1\", and
                added a file "c:\lab1\sample.txt", both rules would be
                triggered.

   Solution 1:  This issue is fixed in this release.
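
Added example (not part of the original readme and not Trend Micro's code): one way the Issue 1 behaviour can arise, assuming rule base directories are compared as raw string prefixes after the trailing separator is stripped, shown beside a component-wise comparison. The rule names and both matcher functions are hypothetical.

```python
from pathlib import PureWindowsPath

# Constructed rule set mirroring the readme's example; rule names are hypothetical.
RULES = {
    "rule-lab": "c:\\lab\\",
    "rule-lab1": "c:\\lab1\\",
}


def naive_match(base: str, path: str) -> bool:
    """Flawed: raw string prefix test once the trailing separator is stripped."""
    prefix = base.rstrip("\\/").lower()
    return path.lower().startswith(prefix)


def component_match(base: str, path: str) -> bool:
    """Boundary-aware: every component of base must equal the leading
    components of path (case-insensitive, as on Windows file systems)."""
    base_parts = [p.lower() for p in PureWindowsPath(base).parts]
    path_parts = [p.lower() for p in PureWindowsPath(path).parts]
    return path_parts[:len(base_parts)] == base_parts


def triggered_rules(rules: dict, path: str, matcher) -> list:
    """Return the sorted names of rules whose base directory covers path."""
    return sorted(name for name, base in rules.items() if matcher(base, path))


if __name__ == "__main__":
    changed = "c:\\lab1\\sample.txt"  # file from the readme's example
    print("prefix compare   :", triggered_rules(RULES, changed, naive_match))
    print("component compare:", triggered_rules(RULES, changed, component_match))
```

The same check is worth applying to exclusion lists: a prefix-style exclusion for one directory would also silence monitoring of any sibling directory whose name starts with the same characters.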
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 2:     [DS-31384]
                When the Application Control driver failed to load (for
                example, if the driver was corrupted during a Deep
                Security Agent upgrade), the agent would send system
                events to Deep Security Manager repeatedly as it tried
                to reload the driver. The large number of generated
                events consumed database storage and made the loading
                of System Events extremely slow.

   Solution 2:  This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 3:     [DS-31614]
                Certain data structures in the Deep Security Agent
                packet engine were cleaned up prematurely, leading to a
                kernel panic and system crash.

   Solution 3:  This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 4:     [DS-32484]
                The Deep Security Agent process could crash when
                detailed logging of SSL messages was enabled and
                output.

   Solution 4:  This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 5:     [DS-32634]
                Deep Security Agent's Intrusion Prevention module
                silently dropped zero payload UDP packets.

   Solution 5:  This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 6:     [DS-32865]
                For Web Reputation, Deep Security Agent sent incorrect
                credentials to the proxy, which returned HTTP 407.

   Solution 6:  This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 7:     [DS-33576/SEG-23351]
                On AIX servers, the Deep Security Agent processing of
                User and Group information for Integrity Monitoring
                leaked file descriptors. This led to an increasing
                number of file descriptors associated with the ds_agent
                process. This buildup of file descriptors could
                potentially cause the creation of defunct processes,
                high memory usage for the ds_agent process, or a server
                restart.

   Solution 7:  This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 8:     [DS-33794]
                JSON decode errors occurred in the Deep Security Agent
                log if an Ubuntu 16.04 instance was launched and an
                agent was installed in it on GCP or another cloud
                platform (AWS/Azure).

   Solution 8:  This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 9:     [DS-34969]
                The Deep Security Agent for Solaris 11 uninstallation
                sometimes failed if the agent had been upgraded
                previously.

   Solution 9:  This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 10:    [DS-35043]
                Deep Security Virtual Appliance triggered security
                updates every time a policy was sent to Deep Security
                Virtual Appliance.

   Solution 10: This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 11:    [DS-35750]
                Occasionally, the temporary repository created during
                the upgrade of Deep Security Agent for Solaris 11 was
                not removed.

   Solution 11: This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 12:    [DSSEG-3535/SEG-44773]
                Every time a PowerShell script was executed, it
                generated temporary files in the temp folder, which
                resulted in an excessive amount of drift and events
                being reported.

   Solution 12: This issue is fixed in this release. PowerShell has
                been added to the list of trusted update rules for the
                files created in the temp folder, to reduce the drift
                events being reported.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


3. Documentation Set
========================================================================
In addition to this readme.txt, the documentation set for this product
includes the following:

   - The Deep Security Help Center is available at:
     https://help.deepsecurity.trendmicro.com/12_0/on-premise/Welcome.html
     and includes:

     -- product overview, deployment plan, installation steps and
        basic information intended to help you smoothly deploy Deep
        Security.
     -- post-installation instructions on how to configure the
        settings to help you get Deep Security "up and running". Also
        includes instructions on performing other administrative
        tasks for the day-to-day maintenance of Deep Security.

   - You can easily search the Help Center content or get
     context-sensitive help from your Deep Security Manager.

   - Knowledge Base -- a searchable database of known issues,
     including specific problem-solving and troubleshooting topics.
     http://esupport.trendmicro.com


4. System Requirements
========================================================================
For a complete list of the system requirements, please refer to the
Deep Security Help Center:
https://help.deepsecurity.trendmicro.com/12_0/on-premise/Get-Started/Install/system-requirements.html


5. Installation
========================================================================
Refer to the "Get Started" section of the Deep Security Help Center:
https://help.deepsecurity.trendmicro.com/12_0/on-premise/install-deep-security.html

   - Only use the Agent installer package (the .pkg.gz or the .p5p.gz
     file) on its own to install the Deep Security Agent. If you
     extract the full Agent zip package and then run the Agent
     installer from the same folder that holds the other zipped Agent
     components, all the Security Modules will be installed. That may
     cause a conflict with the Anti-Malware or Firewall driver if you
     use applications other than Deep Security to provide those
     functionalities.

   - Before installing this patch, please ensure that the Deep
     Security Manager has already been upgraded to 12.0.

   - All Deep Security Relay-Enabled Agents must first be upgraded to
     Deep Security Agent 12.0 before upgrading other Agents.


6. Known Incompatibilities
========================================================================
There are no known incompatibilities for this release.


7. Known Issues
========================================================================

   - Curly brackets ( { and } ) are not accepted characters for the
     passphrase of Credentials and the password of Proxy
     configuration. (SEG-49339/SEG-41886)

   - Since Solaris 10u5 is not supported in this version, those users
     using Solaris 10u5 and u6 are affected and cannot upgrade to DSA
     10.0 directly. We recommend either staying at DSA 9.0, or
     upgrading to Solaris 10u7+ by following Oracle's instructions,
     e.g. "Oracle Solaris 10 8/11 Installation Guide: Live Upgrade and
     Upgrade Planning". (DS-2723)

   - In this release, Linux and Solaris Agents do not drop ARP packets
     anymore. All ARP packets dropped by previous Agents will only be
     logged in DSA 10.0 or newer versions. The behaviour of the
     Windows Agent remains unchanged. (DS-5354)

   - When uninstalling Deep Security Agent on Solaris 11, the
     following warning message will be shown: "the following
     unexpected or editable files and directories were salvaged while
     executing the requested package operation; they have been moved
     to the displayed location in the image". This is because the
     Solaris Image Packaging System (IPS) has removed the capability
     of packages to remove plugins and temporary files. Users can
     safely ignore the message and remove these files manually.
     (DS-2094)

   - On Solaris, when Deep Security Integrity Monitoring is enabled
     and the rule "1003513 - Unix - File attributes changed in /etc
     location" is assigned, the following syslog log may occur:

       ds_agent[1316]: [ID 702911 local0.error] Mapping failed for offset 0 of file /etc/mnttab (error 89: Operation not applicable)

     /etc/mnttab is an instance of a specialized file system and
     cannot be loaded into memory for analysis.
     Similar error messages for the following files may appear:

       /etc/utmppipe
       /etc/saf/zsmon/_pmpipe
       /etc/saf/_sacpipe
       /etc/svc/volatile/init.state
       /etc/dfs/sharetab

     You can add these files to the "File path to be ignored under
     'etc' path" section of the rule configuration tab to exclude them
     from processing.

   - On Solaris, if the "1002831 - Unix - Syslog" rule is assigned and
     the previous issue is occurring, log inspection events may also
     be generated if the log inspection module is enabled.

   - When using Deep Security Agent on Solaris with Intrusion
     Prevention enabled, if multiple rule matches occur in rapid
     succession on the same detect-only rule in the same TCP or UDP
     connection, the events are not aggregated properly, resulting in
     an incorrect event count.

   7.1 Known Issues from Deep Security Agent 9.0 SP1 Patch 5
   =====================================================================

   - Deep Packet Inspection (DPI) is not supported over SSL
     connections when using IPv6.

   - If you want to use Point To Point Tunneling Protocol (PPTP) with
     Deep Security, you must modify some of the advanced settings. To
     apply the recommended modifications:

     a. Log in to Deep Security Manager and go to "System Settings >
        Network Engine".
     b. Check the "Advanced Settings" check box and set the following:
        - Filter IPV4 Tunnels: Disable detection of IPV4 Tunnels
        - Maximum Tunnel Depth: 4
        - Action if Maximum Tunnel Depth Exceeded: Bypass
     c. Click "Save".
     [Deep Security 8.0 Tier 2-00200]

   - SYN Flood protection is only supported on versions 7.5 or
     earlier of the Windows Agents and on versions 7.5 or earlier of
     the Virtual Appliance. It is not supported on versions 7.5 SP1 or
     later of the Windows Agents or versions 7.5 SP1 or later of the
     Virtual Appliance. It is not supported on any versions of the
     Linux or Solaris Agents.

   - If you start the Agent from a terminal session, the Agent may
     stop when the terminal window is closed. You can prevent this by
     performing the following steps:

     a. Open a command prompt and run the following command:

          vi /etc/init.d/ds_agent

     b. Change lines from

          ds_agent -w /var/opt/ds_agent

        to

          nohup ds_agent -w /var/opt/ds_agent > /dev/null 2>&1

     c. Save the file and restart the Agent.

   - If you have installed a version of libiconv from
     "www.sunfreeware.com" that is newer than version 1.8, you may see
     the following warning when installing the Solaris Agent:

       WARNING: The package "libiconv from http://www.sunfreeware.com/" is a prerequisite package and should be installed.

     This message can be safely ignored.

   - If you have installed a version of libgcc from
     "www.sunfreeware.com" that is newer than version 3.4.6, you may
     see the following warning when installing the Solaris Agent:

       WARNING: The package "libgcc from http://www.sunfreeware.com/" is a prerequisite package and should be installed.

     This message can be safely ignored.

   - During upgrade, you may see an Agent upgrade failed error and the
     following system event:

       Processing package instance from pkgadd: ERROR: unable to make temporary directory

     This is caused by the pkgadd in Solaris creating an environment
     variable for the ds_agent process. To complete the upgrade,
     restart the ds_agent process on the Solaris machine and repeat
     the upgrade. The previous version of the ds_agent is still
     running and protecting the Solaris machine.

   - When the network engine is working in TAP mode and the in-guest
     agent is offline, the Deep Security Virtual Appliance status will
     be "Stand By". When this occurs, the Deep Security Virtual
     Appliance is actually online and DPI/FW events will still be
     logged when rules are triggered. [10948]

   - Log Inspection event logs are limited to 6000 characters.

   - In Solaris SPARC (10/11), when the Communication Direction
     between Deep Security Manager and the Agent or Appliance is set
     to "Agent/Appliance Initiated", the Agent goes offline and into
     maintenance mode. When this happens, the Agent does not go back
     online even after users restart the Appliance or the Agent.
     To resolve this issue, users would need to either re-install the
     Agent or use bidirectional communication, which is always
     inherited when the Agent is added in the Deep Security Manager
     console. This issue will be fixed in the next patch release.


8. Release History
========================================================================
See the following website for more information about updates to this
product:
https://help.deepsecurity.trendmicro.com/software.html

   - Deep Security Agent 12.0, Build 12.0.0-364, June 18, 2019


9. Files Included in This Release
========================================================================
This release is a complete installation. Use one of the following
files depending on the Solaris platform:

   Agent-Solaris_5.10_U5-12.0.0-364.sparc.zip
   Agent-Solaris_5.10_U5-12.0.0-364.x86_64.zip
   Agent-Solaris_5.10_U7-12.0.0-364.sparc.zip
   Agent-Solaris_5.10_U7-12.0.0-364.x86_64.zip
   Agent-Solaris_5.11-12.0.0-364.sparc.zip
   Agent-Solaris_5.11-12.0.0-364.x86_64.zip
   Agent-Solaris_5.11_U4-12.0.0-364.sparc.zip
   Agent-Solaris_5.11_U4-12.0.0-364.x86_64.zip


10. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year, you
must renew Maintenance on an annual basis at Trend Micro's
then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.


11. About Trend Micro
========================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Trend Micro, Deep Security, "deep security solutions", and the t-ball
logo are trademarks of Trend Micro Incorporated and are registered in
some jurisdictions. All other marks are the trademarks or registered
trademarks of their respective companies.


12. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:
www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed by selecting the
"About" option in the application user interface.


13. Third-Party Software
========================================================================
Deep Security employs the use of 3rd party binary distributions. The
binary distributions are subject to the licenses available in the
following directory:

   [Install Directory]/licenses

Where 3rd party licenses require open access to their source code,
Trend Micro will provide the necessary materials upon written request.

========================================================================
(C) 2019 Trend Micro Inc. All rights reserved. Published in Canada.