~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Readme for Trend Micro (TM) Deep Security(TM) Agent 9.0 Service Pack 1 Patch 5, Deep Security Relay 9.0 Service Pack 1 Patch 5 Critical Patch, and Deep Security Notifier 9.0 Service Pack 1 Patch 5 Critical Patch for Microsoft(TM) Windows(TM) Platforms: Windows Server 2012 R2(64-bit), Windows 8.1 U1 (32-bit and 64-bit), Windows 8.1 (32-bit and 64-bit), Windows Server 2012 (64-bit), Windows 8 (32-bit and 64-bit), Windows 7 (32-bit and 64-bit), Windows Server 2008 R2 (64-bit), Windows Server 2008 (32-bit and 64-bit), Windows Server 2008 R2 Hyper-V(*), Windows Vista (32-bit and 64-bit), Windows Server 2003 Service Pack 1 (32-bit and 64-bit) with patch "Windows Server 2003 Scalable Networking Pack"(***), Windows Server 2003 Service Pack 2 (32-bit and 64-bit), Windows Server 2003 R2 Service Pack 2 (32-bit and 64-bit), Windows XP (32-bit and 64-bit), Windows XP Embedded(**)(***) Windows Embedded POSReady 2009 (****) (*)There is no agentless solution for Windows Hyper-V. The Agent installed on the Hyper-V hypervisor will only protect the hypervisor itself. To protect guest images running on Hyper-V, an Agent must be installed on each Hyper-V guest. (**)Due to the customization possible with Windows XP Embedded, customers should make sure that the services and ports necessary to run the Deep Security Agent are been enabled in their environments. (***) The Relay and Notifiers are not supported on these platforms. (****) [23917/TT299778] Not currently supported: Windows Server 2012 Core Windows Server 2008 Core Microsoft Virtual Server 2005 R2 Service Pack 1 Date: January 17, 2018 Release: 9.0 Service Pack 1 Patch 5 Critical Patch Build Version: 9.0.0.5531 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This product is subject to the terms detailed in the click through license agreement and copied to the install directory. For more information about the Trend Micro suite of Deep Security products, visit our website at: http://us.trendmicro.com/us/solutions/enterprise/security-solutions/ virtualization/deep-security/ Download the latest version of this readme from the "Software" page at the Trend Micro Download Center website: http://downloadcenter.trendmicro.com/ Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any other Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome. Contents =================================================================== 1. About Deep Security Agent 9.0 Service Pack 1 Patch 5 Critical Patch 1.1 Overview of this Release 1.2 Who Should Install this Release 1.3 Support Expiration Notice 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 6. Known Incompatibilities 7. Known Issues 8. Release History 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement 13. Third Party Software =================================================================== 1. About Deep Security Agent 9.0 Service Pack 1 Patch 5 Critical Patch ======================================================================== 1.1 Overview of this Release ===================================================================== Deep Security Agent 9.0 Service Pack 1 Patch 5 Critical Patch for Windows contains a solution for one issue. Refer to the "What's New" section of this readme file for more information. 1.2 Who Should Install this Release ===================================================================== You should install Deep Security Agent 9.0 Service Pack 1 Patch 5 Critical Patch if you are currently running Deep Security Agent 7.0, 7.5, 8.0, or 9.0. 1.3 Support Expiration Notice ===================================================================== Please refer to Trend Micro Download or Support center for an official notice about product version life-cycle and End of Support information. Please visit the Trend Micro Download Center website to download the latest releases at: http://downloadcenter.trendmicro.com/ 2. What's New ======================================================================== For major changes in Deep Security Agent 9.0 Service Pack 1 Patch 5 Critical Patch from previously released versions of Deep Security Agent, refer to the "What's New in Deep Security Agent 9 Service Pack 1 Patch 1" section of the Deep Security Manager's online help or the Deep Security Agent Administrator's Guide or Deep Security Agent Installation Guide, available for download from the Trend Micro Download Center. 2.1 Enhancements ====================================================================== Deep Security Agent 9.0 Service Pack 1 Patch 5 Critical Patch has the following enhancement: Enhancement 1: [DSSEG-1876] Microsoft requested that anti-virus vendors set a registry key that will allow a critical system patch for Microsoft Windows. The Deep Security Agent now sets the required registry key upon installation. For details, see https://success.trendmicro.com/solution/1119183 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2.2 Resolved Known Issues ===================================================================== Deep Security Agent 9.0 Service Pack 1 Patch 5 Critical Patch does not resolve any issues. 3. Documentation Set ======================================================================== In addition to this readme, the documentation set for this product includes the following: o Deep Security Agent 9.0 Service Pack 1 Patch 5 Installation Guide (IG) -- Provides product overview, deployment plan, installation steps and basic information intended to help you deploy Deep Security Agent smoothly. o Deep Security Agent 9.0 Service Pack 1 Patch 5 Administrator's Guide (AG) -- Provides post-installation instructions on how to configure the settings to help you get Deep Security "up and running". Also includes instructions on performing other administrative tasks for the day-to-day maintenance of Deep Security Agent. o Readme files -- version enhancements, known issues, and release history. There is one readme for each installable Deep Security component: Manager, Agent (including Relay and Notifier), Virtual Appliance, and ESXi Filter Driver. o Electronic versions of the manuals are available from: http://docs.trendmicro.com/en-us/enterprise/deep-security.aspx o Online help -- Context-sensitive help screens that provide guidance for performing a task. o TrendEdge is a program for Trend Micro employees, partners, and other interested parties that provides information on unsupported, innovative techniques, tools, and best practices for Trend Micro products. The TrendEdge database contains numerous documents covering a wide range of topics. http://trendedge.trendmicro.com o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ======================================================================== For a complete list of the System requirements, please refer to the "Deep Security 9.0 Service Pack 1 Patch 5 Installation Guide". 5. Installation/Uninstallation ======================================================================== Refer to the "Deep Security Agent 9.0 Service Pack 1 Patch 5 Installation Guide" document available for download from the Trend Micro Download Center. 6. Known Incompatibilities ======================================================================== The following are the known incompatibilities for this release: 1. Resonate Load Balancer (5.0.1) Deep Security Agents Affected: All Issue: Environments in which the Resonate load balancing software is installed may experience a loss of Resonate functionality when the Deep Security Agent is installed. Resolution: Restart the Resonate Central Dispatch Controller services. 2. Trend Micro Client Server Messaging Security for SMB Deep Security Agents Affected: All Issue: Connectivity issues have been noted when running versions of Trend Micro Client Server Messaging Security for SMB that are older than Version 3.5 Build 1113. Resolution: Upgrade Trend Micro Client Server Messaging Security for SMB to Version 3.5 Build 1138 or higher. 3. Realtek RTL8169/8110 Family Gigabit Ethernet NIC Deep Security Agents Affected: All Issue: Issues have been noted when using Version 5.663.1212.2006 of the Realtek Gigabit Ethernet NIC. Resolution: To resolve these issues, upgrade the driver to the latest version. 4. Intel(R) PRO/100+ Dual Port Server Adapter Deep Security Agents Affected: All Issue: Issues have been noted when using Intel NIC cards with driver versions lower than 8.0.17.0. Resolution: To resolve the issue, upgrade the driver to version v8.0.19 or higher. 5. Microsoft Network Load Balancer (MS-NLB) Deep Security Agents Affected: All Issue: Issues have been noted when using Microsoft Network Load Balancer (MS-NLB). Resolution: MS-NLB is incompatible with Deep Security Agent and currently there is no solution available for this incompatibility. 7. Known Issues ========================================================================= The following are the known issues for this release: - In some cases, a laptop computer has the "Microsoft Virtual Wi-Fi Miniport Adapter" option enabled. Such devices, used for creating Wi-Fi hotspots (ad hoc networks) through the wireless adapter, would enable both the real device for the true wireless connection and the "Microsoft Virtual Wi-Fi Miniport Adapter" for the ad hoc connections, with the same MAC address. This triggers Deep Security Agent on such laptop computers to request an interface update on every heartbeat. - In a cloud provider environment, if the "Enable regular synchronization with Cloud Provider" option is disabled, changing the Deep Security Agent hostname will disrupt the communication between Deep Security Manager and Deep Security Agent. Trend Micro strongly recommends keeping the "Enable regular synchronization with Cloud Provider" option ON. - On Windows 2008 and Windows Server 2012, after installing Deep Security Manager with a co-located Relay, the Deep Security Notifier icon does not automatically show up in the Windows notification area. However, Deep Security Notifier will still work. When this happens, users need to re-launch Deep Security Notifier from the "Start" menu or restart the system. - Deep Security Notifier 8.0 is incompatible with Deep Security Virtual Appliance 9.0 in VMware environments due to an architectural change between VMware vSphere 5.0 and 5.1. In vSphere (ESXi) 5.1, Deep Security Notifier 9.0 is compatible with Deep Security Virtual Appliance 9.0. - The following system event log appears when you install Deep Security Agent on the Windows Vista, Windows 2008, or Windows 7 platform: "The Trend Micro Deep Security Agent service is marked as an interactive service. However, the system is configured not allow interactive services. This service may not function properly." This is a normal warning on Windows Vista or higher Windows versions. On these platforms, Windows does not allow services to interact with the user's desktop, so the operating system displays the warning when Deep Security Agent tries to use interactive services. This desktop interaction feature is used by the Deep Security Agent to provide the restart notice on pre-Vista versions of Windows. The warning message can be safely ignored. [Deep Security 8.0 Tier 2-00253] - In Windows Vista and higher releases, sometimes, you will encounter problems while upgrading the Deep Security Agent. The problem is related to the timing of the VC RTL assemblies being published to WinSxS, but it only seems to cause trouble on Vista or higher and only if the version of the RTL is not changing. The root cause is some corrupted Windows components. To work around this, you can either run the Windows System File Checker (sfc.exe) to repair the operating system, or install the Microsoft Visual C++ Redistributable Package from the following URL before starting the upgrade procedure again. http://www.microsoft.com/download/en/details.aspx?id=26347 After installing the package from Microsoft, you should restart the computer or the upgrade may still fail. To recover from this, you can install the package, re-run the installer, and restart the computer. [Deep Security 8.0-01044] - The Deep Security Relay server does not support a component rollback. If a rollback is performed on a Deep Security Relay, the components listed in the Deep Security Manager may no longer match the actual versions present on the Relay. Subsequent component updates will re-sync the component versions displayed in Deep Security Manager. [Deep Security 8.0 Tier 2-00180] - Deep Security Notifier may not start after a remote upgrade of the Deep Security Agent. If this occurs, manually restart the Notifier from the "Start" menu, or restart the machine. [Deep Security 8.0-01196] - On the "Custom Setup" page of the Deep Security Agent or Relay installer, "URL filtering" is incorrectly described as being part of the Anti-Malware module. "URL filtering" is in fact part of Intrusion Prevention. - Intrusion Prevention is not supported over IPv6 SSL connections. - On Windows XP, you may encounter a "Fatal Error During Installation." message if you attempt to uninstall the Deep Security Agent or Relay through the "Add/Remove programs" page while the Agent's "Self Protection" function is enabled. This message comes from Windows indicating that the uninstall did not proceed because self-protection is enabled. It is not a Deep Security error. [Deep Security 8.0-00410] - When running an Anti-Malware Manual Scan with Smart Scan enabled, if the Deep Security Agent cannot contact the Smart Scan server, the resulting error event will indicate a "Real-Time" scan type instead of "Manual". [Deep Security 8.0 Tier 2-00024] - If network connectivity is lost for an extended period of time during a Deep Security Agent upgrade, you may need to restart the host machine. - It is possible that NDIS drivers will stop responding during Deep Security Agent installation or uninstallation if they do not properly free packets when requested to unbind. Deep Security Agent with DIS 5.1 or NDIS 6.0 driver can free all packets correctly before upgrading or uninstalling. However, when installing or uninstalling NDIS drivers, Microsoft requires that all NDIS drivers be unbound and then rebound. This means that if other third-party NDIS drivers do not properly free packets, it is still possible for the Deep Security Agent install, upgrade, or uninstall process to stop responding. This is beyond Trend Micro's control and will only happen rarely. If this occurs, restart the computer and try to install, uninstall, or upgrade Deep Security Agent again. - On VMware vSphere 4, if a new Ethernet adapter is dynamically added to a running Windows virtual machine protected by a Deep Security Agent, the adapter may not be protected by the Agent installed on the virtual machine. To ensure the newly-added adapters are protected after adding a new Ethernet device in vSphere client: 1. Open the console for the virtual machine. 2. Go to "Control Panel > Network Connections". 3. Select the new network adapter that was just added. 4. Select "Properties". 5. Verify that the checkbox for the "Trend Micro DSA Filter Driver" is marked. 6. Select "OK". - Log Inspection Event logs are limited to 6000 characters. - When the network engine is working in TAP mode and the in-guest Agent is offline, the Deep Security Virtual Appliance status will display "Stand By". But, Deep Security Virtual Appliance is actually online and IP/FW events logs are still generated as rules are triggered. - The Deep Security Agent anti-malware engine appears offline even when it is online. This issue has been fixed in previous Deep Security Agent maintenance (Hot fixes/Patches/Service Packs) releases but did not make it to this release. - [FB27263] The Deep Security Agent Ugrade failed on Windows 2008 Server. This issue does not occur on Windows 2008 R2, Windows 2012 and Windows 2012 R2. This is due to side by side issue and is not resolved. Customer must uninstall old build and then install the new build or run the MSI package twice to make it work. - [FB25342] Installing Deep Security 9.0 Agents to Windows 2012 R2 and Windows 8.1, with Windows default firewall enabled, the machine may loses all network connections. This is a known issue and may affect customers in some environments. The workaground is to reboot the system after it had lost the connectivity, while it was trying to install the Filter Driver. Another workaround is to disable the Windows Firewall before starting DSA installation and then start installing agent on it, to avoid system reboot. That fixes the network connectivity problem. 8. Release History ======================================================================== See the following website for more information about updates to this product: http://www.trendmicro.com/download - Deep Security Agent 9.0.0.4002, October 07, 2014 - Deep Security Agent 9.0.0.3500, May 30, 2014 - Deep Security Agent 9.0.0.3044, December 6, 2013 - Deep Security Agent 9.0.0.2404, September 11, 2013 - Deep Security Agent 9.0.0.2014, May 21, 2013 - Deep Security Agent 9.0.0.883, January 30, 2013 - Deep Security Agent 9.0.0.5531, January 17, 2018 8.1 Deep Security Agent 9.0.4002 ===================================================================== 8.1.1 Enhancements ===================================================================== Deep Security Agent 9.0 4002 does not add any enhancement. 8.1.2 Resolved Known Issues ===================================================================== Deep Security Agent 9.0.4002 resolves the following issues: Issue 1: [21466/289954] Deep Security Agent adds a "VistaSP1+ firewall status update" error to the system events every 30 seconds. This creates a large number of system events even if the error occurs once, for example, when a Firewall entry is removed from the Windows Action Center. A user requested for a way to reduce the error report frequency. Solution 1: This Patch sets a flag that Deep Security Agent can use to indicate whether it has logged the error event to the report firewall status on the Windows Action Center. Deep Security Agent will log the error again only after the service restarts and the error occurs again, or after it has sent another Firewall status update successfully. --------------------------------------------------------------------- Issue 2: [21519/TT28821] If users added a file name to the exclusion list without the corresponding path, the exclusion would work on local files only. Solution 2: This Patch enables the exclusion list to work even when the specified file is accessed through a network path. --------------------------------------------------------------------- Issue 3: [23848] Deep Security Relay 9.0 used a version of the Nginx web server and its statically linked OpenSSL that are affected by several vulnerabilities. Solution 3: This Patch updates the Nginx web server program and the statically linked OpenSSL in Deep Security Relay 9.0 to remove the vulnerabilities. --------------------------------------------------------------------- Issue 4: [23972/TT301281] Since the release of AMSP 2.0, the "C:\Program Files\ Trend Micro\AMSP\debug" folder permissions are set to writable for everyone. This could allow unauthorized modification of the files in this folder. Solution 4: This Patch sets the debug log folder writable for everyone in Local log mode (DebugLogMode=0) and not writable for everyone in Remote pipe mode (DebugLogMode=1) --------------------------------------------------------------------- Issue 5: [24375/TT301998] Passive FTP over IPv6 did not work. Once the user logged in to a passive FTP session, any commands that required setting up a separate connection would fail. This occurred because an unnecessary check on the dynamic_rule.c prevented the installation of dynamic rules for IPv6 traffic. Solution 5: This Patch removes the unnecessary checking procedure. --------------------------------------------------------------------- Issue 6: [24502/TT305315] When Deep Security Appliance 9.0 Service Pack 1 was assigned to a Trend Micro Smart Protection Server 3.0 server, the FRS traffic screen on the Smart Protection Server console did not show any traffic. This occurred because the FRS query sent from Deep Security Agent did not contain any "build number" information for the user-agent part, which prevented Smart Protection Server from parsing the string. Solution 6: This Patch ensures that FRS queries contain complete and accurate information, which resolves this issue. 8.2 Deep Security Agent 9.0.3500 ===================================================================== 8.2.1 Enhancements ===================================================================== Deep Security Agent 9.0.3500 adds the following enhancement: Deep Security Agent 9.0 Service Pack 1 Patch 3 adds the following enhancements: Enhancement 1: [22450] Deep Security Agent dsa_control Utility \96 The following two switches have been added for the dsa_control utility to help users run Integrity Monitoring Scans from the dsa_control command line. - --buildBaseline - --scanForChanges Enhancement 2: [22338/TT294648] Nginx Web Server for Deep Security Relay - The Nginx web server program in the Deep Security Relay 9.0 for Windows package has been updated to remove a CVE-2014-0160 vulnerability. Enhancement 3: [20954/TT284370] AMSP Hot Fix - The AMSP hot fix build 2.1.1227 has been integrated in Deep Security Agent. This hot fix is not available from the global iAU server 8.2.2 Resolved Known Issues ===================================================================== Deep Security Agent 9.0.3500 resolves the following issues: Issue 1: [22388/293465] After installation, Deep Security Agent 9.0 may not be able to start the Anti-malware Engine on the Windows 2012 R2 platform because of a corrupted registry entry. Solution 1: This Patch enables "helperSystemDriver.dll" to recover the Eyes registry before updating the Eyes module if the related registry is corrupted. This helps ensure that Deep Security Agent 9.0 can start the Antimalware Engine. --------------------------------------------------------------------- Issue 2: [21398/TT288694/TT291011] The Nginx web server on the Deep Security Relay could trigger high CPU usage issues. Solution 2: This Patch updates the Nginx web server on the Deep Security Relay to prevent the high CPU usage issues. --------------------------------------------------------------------- Issue 3: [21125/TT287994/TT285204] In a multi-tenant environment, when the Deep Security Feedback engine was enabled, the Windows Relay or Agent always reported that the Antimalware engine was offline. This issue occurred because the Agent's globally unique identifier (GUID) was not parsed correctly. Solution 3: This Patch ensures that the Agent's GUID is parsed correctly. --------------------------------------------------------------------- Issue 4: [20837/TT280863] On Windows, it took a long time to generate a Deep Security Agent diagnostic package if there was a large number of events logs. Solution 4: This Patch optimizes the sorting algorithm for Windows events collection and sets a limit to the total number of events that can be collected for each diagnostic package. These changes can help ensure that Deep Security Agent diagnostic packages can be generated faster in computers running Windows when there is a large number of event logs. --------------------------------------------------------------------- Issue 5: [17861/TT291755/TT289145] Deep Security Agent could not generate a diagnostic package in Agent-Initiated Mode if both IPv4 and IPv6 were available. Solution 5: This Patch makes changes to the RPC code to enable Deep Security Agent to use both dual stack translations of addresses to create diagnostic packages when both IPv4 and IPv6 are available in Agent-Initiated Mode instead of using one address only. --------------------------------------------------------------------- Issue 6: [20750] In the "Firewall Events" page of the Deep Security Manager console, whenever a Stateful was applied under the UDP Stateful Configuration while UDP traffic was being sent out, unsolicited UDP events were not added to the Firewall Logs. ~ Solution 6: This Patch ensures that the UDP Stateful Logging function in the "Firewall Events" page of the Deep Security Manager console works properly. --------------------------------------------------------------------- Issue 7: [21174] The real-time Integrity Monitoring of Deep Security Agent could no detect changes in files that had been deleted from the disk using "Shift+Delete" and then restored. Solution 7: This Patch ensures that real-time Integrity Monitoring can detect changes in these files. --------------------------------------------------------------------- Issue 8: [22589/TT291747] State transitions from closed state were not allowed during stateful connection inspection. Solution 8: This Patch enables Deep Security Agent to handle RST and FIN packets during stateful connection inspection. 8.3 Deep Security Agent 9.0.3044 ===================================================================== 8.3.1 Enhancements ===================================================================== Deep Security Agent 9.0.3044 adds the following enhancement: Enhancement: Windows Platform Support - Deep Security Agent now supports Windows 2012 R2 and Windows 8.1. 8.3.2 Resolved Known Issues ===================================================================== Deep Security Agent 9.0.3044 resolves the following issues: Issue 1: [19939/TT275919] Deep Security Agent triggered a memory leak issue while enumerating network interfaces and volumes. Solution 1: This hot fix prevents Deep Security Agent from enumerating objects to prevent the memory leak issue. --------------------------------------------------------------------- Issue 2: [19927] The Deep Security Agent Certificate Copyright information showed 2004-2012. Solution 2: This fix updated the Deep Security Agent Certificate Copyright information to 2004-2013. --------------------------------------------------------------------- Issue 3: [19656] Windows pop-up messages from Deep Security Notifier did not appear in Windows 2012 Server. Solution 3: This fix ensures that Windows pop-up messages from Deep Security Notifier appears when malware is detected on a Windows machine. --------------------------------------------------------------------- Issue 4: [19548] During Agent-initiated activation, if it took more than one minute for the Deep Security Agent to retrieve the configuration information from Deep Security Manager, Deep Security Agent timed out and sent an "update failed" message to Deep Security Manager. Solution 4: This Patch enables users to configure how long Deep Security Agent should wait for the configuration information from Deep Security Manager under this scenario. Setting this to a value more than 60 seconds can help prevent the issue. Procedure 4: To configure the timeout value: a. Install this Patch (see "Installation"). b. Open the "ds_agent.ini" file using a text editor. c. Add the following key and set an appropriate timeout value in seconds. ConfigurationUpdateWaitInSec=(timeout value in seconds) Note: This key can accept values up to 300 seconds (five minutes) which is the maximum amount of time that the sockets can be kept open. d. Save the changes and close the file. e. Restart the Deep Security Agent. --------------------------------------------------------------------- Issue 5: [20368] An issue with the handling of a particular exception in the Deep Security Agent NDIS driver could trigger blue screen of death (BSOD) on Windows machines. Solution 5: This Patch improves the exception-handling mechanism of the Deep Security Agent NDIS driver to prevent the problem. --------------------------------------------------------------------- Issue 6: [20222/TT281343] An invalid memory access error occurred on computers running on any Windows version when an SSL handshaking session on the Deep Security Agent used unsupported SSL ciphers. Solution 6: This Patch resolves this issue by preventing any SSL handshaking session on Deep Security Agents on Windows systems from using unsupported SSL ciphers. --------------------------------------------------------------------- Issue 7: [20559] When the "ds_agent" stopped unexpectedly on any Windows platform version, it generated a minidump file. However, a minidump file may not have enough information to determine why "ds_agent" stopped unexpectedly. Solution 7: This Patch enables "ds_agent" to generate a full dump file when it stops unexpectedly in any Windows platform version. --------------------------------------------------------------------- Issue 8: [20578] Deep Security Relay could stop unexpectedly while checking new security components. Solution 8: This Patch enables Deep Security Relay to handle the iAU module properly to prevent an exception error and ensure that it can check new security components properly. --------------------------------------------------------------------- Issue 9: [20671] Some DPI events did not appear on the "DPI Events" page of "ds_config.exe". Solution 9: This Patch increases the allotted buffer to enable "ds_config.exe" to read the "dsa_mpnp" log completely, which can help ensure that all DPI events appear on the "DPI Events" page of "ds_config.exe". 8.4 Deep Security Agent 9.0.2404 ===================================================================== 8.4.1 Enhancements ===================================================================== Deep Security Agent 9.0.2404 does not contain any enhancement. 8.4.1 Resolved Known Issues ===================================================================== Deep Security Agent 9.0.2404 does not resolve any known issue. 8.5 Deep Security Agent 9.0.2014 ===================================================================== 8.5.1 Enhancements ===================================================================== Deep Security Agent 9.0.2014 adds the following enhancement: Enhancement: Deep Security Notifier Localization - Deep Security Agent now supports Deep Security Notifier localization. 8.5.2 Resolved Known Issues ===================================================================== Deep Security Agent 9.0.2014 resolves the following issues: Issue 1: The self-protection feature of the AMSP processes "CoreFrameworkhost.exe" and "CoreServiceShell.exe" did not work. Solution 1: The post-install configuration has been changed to prevent Deep Discovery Agent from killing the "CoreServiceShell.exe" process. --------------------------------------------------------------------- Issue 2: Manual and scheduled antivirus scans did not work on mounted volumes. Solution 2: The AMSP plugUtilEnum module has been upgraded to resolve this issue. 8.6 Deep Security Agent 9.0.883 ===================================================================== 8.6.1 Enhancements ===================================================================== Deep Security Agent 9.0.883 adds the following enhancements: Enhancement 1: Anti-Malware Quick Scan - An Anti-Malware Quick Scan feature has been added to the Windows-based Deep Security Agent. Enhancement 2: IPv6 Firewall - Deep Security Agent now supports IPv6 Firewall. 8.6.2 Resolved Known Issues ===================================================================== Deep Security Agent 9.0.883 resolves the following issues: Issue 1: The Web Reputation Services (WRS) feature did not work through a proxy if the user name contained a backslash "\". Solution 1: The WRS feature now works in this scenario. --------------------------------------------------------------------- Issue 2: The ds_agent service could not start after an upgrade or a cold-boot. Solution 2: The triggering service dependency issue has been resolved. --------------------------------------------------------------------- Issue 3: A packet re-transmission issue triggered an "Invalid parameters in handshake" error. Solution 3: The packet re-transmission issue has been resolved. --------------------------------------------------------------------- Issue 4: When the Deep Security Relay is installed on a Windows XP or Windows 2003 platform, the web server (nginx) closes each time a user logs out from the computer. This prevents Deep Security Agent from updating components through the Deep Security Relay after a user logs out. Solution 4: This issue has been fixed by implementing a watchdog in "dsvp.exe", and restarting nginx if it has been terminated. --------------------------------------------------------------------- Issue 5: [Deep Security 8.0 Tier 2-00200] Point To Point Tunneling Protocol (PPTP) connection to a VPN server cannot be established while the Deep Security Agent is running. Solution 5: A few modifications in the advanced settings allows you to use PPTP with Deep Security. Procedure 5: To modify the settings: a. Log on to Deep Security Manager and go to the "Computer Settings > Network Engine" tab. b. Make the following changes in the Advanced Network Engine Settings: Filter IPV4 Tunnels: Disable detection of IPV4 Tunnels Maximum Tunnel Depth: 4 Action if Maximum Tunnel Depth Exceeded: Bypass c. Click "Save". Note: For a new installation of 9.0 Service Pack 1, the settings described in the procedure are set to default values. --------------------------------------------------------------------- Issue 6: [Deep Security 8.0 Tier 2-00136] When you activate a Deep Security Agent that has been installed with Anti-Malware protection enabled, the Agent immediately downloads the latest Anti-Malware components (virus patterns, detection engines, etc.) from the Deep Security Relay. But if you install a Deep Security Agent without Anti-Malware protection enabled and then subsequently enable Anti-Malware protection from the Deep Security Manager, the component update will not occur until the next heartbeat. Solution 6: Users can now force a component update if they do not want to wait until next heartbeat. Procedure 6: To run a component update: a. Select the computer in the Deep Security Manager "Computers" page. b. Right-click it, and select "Actions > Update Components". Note: Anti-Malware protection will take effect on the computer after the component update. This release includes all resolved issues that were resolved in Deep Security Agent 8.0 Service Pack 2 except those explicitly listed in section 7, "Known Issues". 9. Files Included in this Release ======================================================================== This release is a complete installation. Use one of the following files to install this release: Agent-Windows-9.0.0-5001.x86_64.msi (64-bit) Agent-Windows-9.0.0-5001.i386.msi (32-bit) Relay-Windows-9.0.0-5001.x86_64.msi (64-bit) Relay-Windows-9.0.0-5001.i386.msi (32-bit) Notifier-Windows-9.0.0-5001.i386.msi (32-bit and 64-bit) 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our website. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, go to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen will display. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services. Copyright 2015, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Deep Security, and "deep security solutions" are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ 13. Third Party Software ======================================================================== Deep Security employs the use of 3rd party binary distributions. The binary distributions are subject to the licenses available in the following directory: [Install Directory]\licenses Where 3rd party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request. ======================================================================== (C) 2015 Trend Micro Inc. All rights reserved. Published in Canada.