~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Readme for Trend Micro (TM) Deep Security(TM) Agent 9.0 Service Pack 1 Patch 5 and Deep Security Relay 9.0 Service Pack 1 Patch 5 for Linux(TM) Deep Security Agent Platforms: Linux Red Hat(TM) 5 (32-bit and 64-bit), Red Hat 6 (32-bit and 64-bit), Linux CentOS 5 (32-bit and 64-bit), CentOS 6 (32-bit and 64-bit), Oracle Linux 5 (32-bit and 64-bit), Oracle Linux 6 (32-bit and 64-bit), SuSE(TM) 11, SuSE 11 Service Pack 1 (32-bit and 64-bit), SuSE Service Pack 2 (32-bit and 64-bit), SuSE 10 Service Pack 3 (32-bit and 64-bit), SuSE 10 Service Pack 4 (32-bit and 64-bit), Amazon(TM) AMI (32-bit and 64-bit), Ubuntu Linux 10.04 (64-bit), Ubuntu Linux 12.04 (64-bit), Cloud Linux 5 (32-bit and 64-bit), Cloud Linux 6 (32-bit and 64-bit) Deep Security Relay Platforms: Red Hat 5 (64-bit), Red Hat 6 (64-bit), CentOS 5 (64-bit), CentOS 6 (64-bit) SuSE 11 (32-bit and 64-bit), SuSE 11 Service Pack 1 (32-bit and 64-bit), SuSE 11 Service Pack 2 (32-bit and 64-bit), SuSE 10 Service Pack 3 (32-bit and 64-bit), SuSE 10 Service Pack 4 (32-bit and 64-bit), Kernel Support in this release: Please refer to the Deep Security 9.0 Service Pack 1 Patch 5 kernel support document. Agent-based Anti-Malware not supported on: Red Hat 5 (32-bit), Red Hat 6 (32-bit), CentOS 5 (32-bit), CentOS 6 (32-bit), Oracle Linux 5 (32-bit), Oracle Linux 6 (32-bit), SuSE 10 (32-bit), SuSE 11 (32-bit), Amazon Linux (32-bit) Ubuntu Linux 10.04 (64-bit), Ubuntu Linux 12.04 (64-bit) Date: May 15, 2015 Release: 9.0 Service Pack 1 Patch 5 Build Version: 9.0.0.5000 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This product is subject to the terms detailed in the click-through license agreement and copied to the install directory. For more information about the Trend Micro suite of Deep Security products, visit our website at: http://us.trendmicro.com/us/solutions/enterprise/security-solutions/ virtualization/deep-security/ Download the latest version of this readme from the "Software" page at the Trend Micro Download Center website: http://downloadcenter.trendmicro.com/ Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any other Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome. Contents =================================================================== 1. About Deep Security Agent 9.0 Service Pack 1 Patch 5 1.1 Overview of this Release 1.2 Who Should Install this Release 1.3 Support Expiration Notice 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 6. Known Incompatibilities 7. Known Issues 8. Release History 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement 13. Third Party Software =================================================================== 1. About Deep Security Agent 9.0 Service Pack 1 Patch 5 ======================================================================== 1.1 Overview of this Release ===================================================================== Deep Security Agent 9.0 Service Pack 1 Patch 5 for Linux contains solutions for several issues. Refer to the "What's New" section of this readme file for more information. 1.2 Who Should Install this Release ===================================================================== You should install Deep Security Agent 9.0 Service Pack 1 Patch 5 if you are currently running Deep Security Agent 7.0, 7.5, 8.0, or 9.0. 1.3 Support Expiration Notice ===================================================================== Please refer to Trend Micro Download Center or Support website for Information about product support expiration notice. Please visit the Trend Micro Download Center website to download the latest releases at: http://downloadcenter.trendmicro.com/ 2. What's New ======================================================================== For major changes in Deep Security Agent 9.0 from previously released versions of Deep Security Agent, refer to the "What's New in Deep Security Agent 9 Service Pack 1" section of the Deep Security Manager's online help, the Deep Security Agent Administrator's Guide, or Deep Security Agent Installation Guide available for download from the Trend Micro Download Center. 2.1 Enhancements ===================================================================== Deep Security Agent 9.0 Service Pack 1 Patch 5 for Linux does not add any enhancement. 2.2 Resolved Known Issues ===================================================================== Deep Security Agent 9.0 Service Pack 1 Patch 5 for Linux resolves the following issues: Issue 1: [24708] The Deep Security Agent could not start because it could not find some IM file mapping. Solution 1: The file mapping code for the Linux platform was updated to use parameters that avoid the error. Files are successfully mapped and baselined. --------------------------------------------------------------------- Issue 2: [24996/TT306410] In a certain Linux environment, the Deep Security Agent's openSSL digest method failed to hand null data, which caused crashes when running recommendation scans. Solution 2: Added null checking code to guard the digest algorithm. --------------------------------------------------------------------- Issue 3: [25234/TT309541] The Deep Security Agent packet processing driver generates a Linux log when it re-assembles a fragmented data packet. These logs are generated for both allowed and blocked data packets when the log level is set to "ERROR". In this scenario, a large number of logs may be generated, which could cause heavy log traffic. Solution 3: This Patch enables the packet processing driver to generate an error log if the re-assembled packet is blocked and an info log if the packet is allowed. This means that if the system log level is "WARNING" or "ERROR", the packet processing driver will generate logs for blocked packets only. --------------------------------------------------------------------- Issue 4: [24210] A memory leak happened in Malware Program scan on-demand scan Solution 4: This patch fixes the memory leak. --------------------------------------------------------------------- Issue 5: [27146/TT314852] "TCP RST" and "TCPv6 RST" kernel messages were logged in the messages file of Linux machines, making the messages file noisy. Solution 5: This Patch fixes this issue. --------------------------------------------------------------------- Issue 6: [28269/TT319204] The Deep Security Agent uses OpenSSL version 0.9.8zb. The OpenSSL fixed a number of security vulnerabilities in its new version 0.9.8zf. Solution 6: The Deep Security Agent and Relay has been upgraded to the OpenSSL version 0.9.8zf --------------------------------------------------------------------- Issue 7: The Deep Security 9.5 Manual Anti-Malware scan engine could potentially fail to detect malware if it was located in a directory with certain specific characteristics. Solution 7: This patch will send alerts to Deep Security Manager to indicate that administrators need to check the path manually. The alert is "Files were not scanned because the file path exceeded the maximum file path length limit." 3. Documentation Set ======================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Deep Security Agent 9.0 Service Pack 1 Patch 5 Installation Guide (IG) -- Provides product overview, deployment plan, installation steps and basic information intended to help you deploy Deep Security Agent smoothly. o Deep Security Agent 9.0 Service Pack 1 Patch 5 Administrator's Guide (AG) -- Provides post-installation instructions on how to configure the settings to help you get Deep Security "up and running". Also includes instructions on performing other administrative tasks for the day-to-day maintenance of Deep Security Agent. o Readme files -- version enhancements, known issues, and release history. There is one readme for each installable Deep Security component: Manager, Agent (including Relay and Notifier), Virtual Appliance, and ESXi Filter Driver. o Electronic versions of the manuals are available at: http://docs.trendmicro.com/en-us/enterprise/deep-security.aspx o Online help -- Context-sensitive help screens that provide guidance for performing a task. o TrendEdge is a program for Trend Micro employees, partners, and other interested parties that provides information on unsupported, innovative techniques, tools, and best practices for Trend Micro products. The TrendEdge database contains numerous documents covering a wide range of topics. http://trendedge.trendmicro.com o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ======================================================================== For a complete list of the System requirements, please refer to the "Deep Security Agent 9.0 Service Pack 1 Patch 5 Installation Guide". 5. Installation/Uninstallation ======================================================================== Refer to the "Deep Security Agent 9.0 Service Pack 1 Patch 5 Installation Guide" available for download at: http://docs.trendmicro.com/en-us/enterprise/deep-security.aspx For CentOS 5, you can use the Red Hat 5 rpm; for CentOS 6 use the Red Hat 6 rpm. 6. Known Incompatibilities ======================================================================== There are no known incompatibilities for this release. 7. Known Issues ======================================================================== The following are the known issues for this release: - In a cloud provider environment, if the "Enable regular synchronization with Cloud Provider" option is disabled, changing the Deep Security Agent hostname will disrupt the communication between Deep Security Manager and Deep Security Agent. Trend Micro strongly recommends keeping the "Enable regular synchronization with Cloud Provider" option ON. - Intrusion Prevention (DPI) is not supported over SSL connections when using IPv6. - Because the Deep Security Relay server does not support a component rollback, if a rollback is performed on a Deep Security Relay, the components listed in Deep Security Manager may not match the actual versions available on the Deep Security Relay Server. The next update of components will re-synch the component versions displayed in Deep Security Manager. [Deep Security 8.0 Tier 2-00180] - SYN Flood protection is only supported on versions 7.5 or earlier of the Windows Agents and on versions 7.5 or earlier of the Virtual Appliance. It is not supported on versions 7.5 Service Pack 1 or later of the Windows Agents or versions 7.5 Service Pack 1 or later of the Virtual Appliance. It is not supported on any version of the Linux or Solaris Agents. - CentOS uses the Red Hat Agent installer package. Therefore, it shows up as Red Hat in the Deep Security Manager. - Log entries (Firewall and IPS Events) for OUTGOING traffic show zero-ed out MAC addresses. - When the network engine is working in TAP mode and the in-guest agent is offline, the Deep Security Virtual Appliance status will be "Stand By". When this occurs, Deep Security Virtual Appliance is actually online and DPI/FW events will still be logged when rules are triggered. - Log Inspection event logs are limited to 6000 characters. 8. Release History ======================================================================== See the following website for more information about updates to this product: http://www.trendmicro.com/download - Deep Security Agent 9.0.0.4000, October 07, 2014 - Deep Security Agent 9.0.0.3500, May 30, 2014 - Deep Security Agent 9.0.0.3044, December 6, 2013 - Deep Security Agent 9.0.0.2404 September 05, 2013 - Deep Security Agent 9.0.0.2008 and 9.0.0.2009, May 21, 2013 - Deep Security Agent 9.0.0.883, January 30, 2013 8.1 Deep Security Agent 9.0.4000 ===================================================================== 8.1.1 Enhancements ===================================================================== Deep Security Agent 9.0.4000 adds the following enhancements: Enhancement: [23202/TT291747] TCP Connections - This Patch improves the way Deep Security Agent handles TCP connections to prevent frequent interruptions caused by timeout issues. 8.1.2 Resolved Known Issues ===================================================================== Deep Security Agent 9.0.4000 resolves the following issues: Issue 1: [21735/TT290927] When the Firewall stateful inspection silently dropped packets that matched the LOGONLY Firewall rule, users received a Firewall "deny" event notification instead of a notification for the "logonly" event. Solution 1: This Patch ensures that users receive a Firewall "logonly" event when the Firewall stateful inspection silently drops packets that match the LOGONLY Firewall rule. --------------------------------------------------------------------- Issue 2: [23272/TT296634] Under certain conditions, a configuration error occurred during diagnostic package generation, which resulted in some missing files. Solution 2: This Patch updates the diagnostic package generation script to ensure that generated diagnostic packages always contain the required files. --------------------------------------------------------------------- Issue 3: [23404/TT295780] When the Deep Security Agent for Linux is terminated using the SIGTERM signal, an important section of code that terminates and cleans up the ds_am thread is bypassed because the "#if defined" block protecting it does not check for the "TB_DSA_LINUX" macro definition. As a result, the termination process goes into a partially cleaned up state which could trigger a segmentation fault if another SIGTERM signal is sent. Solution 3: This Patch enables the "#if defined" block to check the definition of the "TB_DSA_LINUX" macro and to execute the block if it is defined. --------------------------------------------------------------------- Issue 4: [23608/TT295719] In general, file names should be encoded in UTF-8 on Linux but Linux does not enforce this, which forces applications on Linux systems to handle non-UTF-8 encoded file names. Since Deep Security Agent is designed to handle UTF-8 encoding, it may not be able to record file paths in event logs if the file name is encoded in multibyte encoding. Solution 4: Since Deep Security products are not intended to support multibyte encoding at this time, this hot fix provides a workaround for the issue. If Deep Security detects non-UTF-8 encoding in a file path, it will convert the file path to a hex string that can be used to manually decode the information later, during event analysis. --------------------------------------------------------------------- Issue 5: [23848] Deep Security Relay 9.0 used a version of the Nginx web server and its statically linked OpenSSL that were affected by several vulnerabilities. Solution 5: This Patch updates the Nginx web server program and the statically linked OpenSSL in Deep Security Relay 9.0 to remove the vulnerabilities. --------------------------------------------------------------------- Issue 6: [24099/TT298199/TT299263] On the Red Hat and Amazon for Linux platforms, an error- handling issue could cause the Deep Security Agent to enter an infinite loop while communicating with the Deep Security Manager. When this happens, the Deep Security Agent could use up 100% of its CPU resources. Solution 6: This Patch adds the necessary error-handling mechanism to help prevent Deep Security Agent from going into an infinite loop while communicating with the Deep Security Manager. --------------------------------------------------------------------- Issue 7: [24169/TT299531] If users update a Deep Security Relay in Linux without downloading the latest file, the new Deep Security Rule Updates file will not be imported. This issue does not occur when Deep Security Relay has been uninstalled and then reinstalled. Solution 7: This hot fix modifies the upgrade process for Deep Security Relay on Linux to help ensure the consistency between the "/var/opt/ds_agent/lib/product.xml" file and the contents of the "/var/opt/ds_agent/lib" directory. This prevents the condition that blocks the import of new Deep Security Rule Updates files after Deep Security Relay upgrades. --------------------------------------------------------------------- Issue 8: [24387/TT305674] Dependency errors like the one below could appear when a user installed Deep Security Agent 9.0 on SuSE Enterprise Server 11 Service Pack 3: " Failed dependencies: libstdc++ >= 3.2 is needed by ds_agent-9.0.0-3500.x86_64" Solution 8: This Patch removes the dependency requirement from the Deep Security Agent installation specification, which allows users to install Deep Security Agent on the SuSE Enterprise Server 11 Service Pack 3 platform. 8.2 Deep Security Agent 9.0.3500 ===================================================================== 8.2.1 Enhancements ===================================================================== Deep Security Agent 9.0.3500 adds the following enhancements: Enhancement: [22450] Deep Security Agent dsa_control Utility – The following two switches have been added for the dsa_control utility to help users run Integrity Monitoring Scans from the dsa_control command line. - --buildBaseline - --scanForChanges 8.2.2 Resolved Known Issues ===================================================================== Deep Security Agent 9.0.3500 resolves the following issues: Issue 1: [22586/TT294066] Sometimes, Deep Security Agent stopped unexpectedly in a Linux "bonded" interface environment. Solution 1: This Patch improves the reference count handling of the physical interface MAC addresses, to prevent Deep Security Agent from stopping unexpectedly in a Linux "bonded" interface environment. --------------------------------------------------------------------- Issue 2: [22434/TT294954] An obsolete Deep Security feature triggered ds_agent to make changes to the "min_free_kbytes" setting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Patch rolls back the change triggered by the obsolete feature. --------------------------------------------------------------------- Issue 3: [22352/TT294157] When a Deep Security Agent 9.0 that is localized in Japanese sent logs to the syslog server, the month information in the logs was also in Japanese. This violates the Common Event Format (CEF). Solution 3: This Patch ensures that when a Deep Security Agent 9.0 that is localized in Japanese sends logs to the syslog server, it sends the month information in English. --------------------------------------------------------------------- Issue 4: [21639/TT291201] An "Engine Command Failed" error message appeared while Deep Security Agent created a diagnostic package. Solution 4: This Patch removes an obsolete engine command to prevent the error so Deep Security Agent can generate diagnostic packages successfully. --------------------------------------------------------------------- Issue 5: [21489/TT290258] The Deep Security Agent for Linux rpm file contained a library that is also used by some third-party programs. If users installed a third-party program that is dependent on this library on a YUM server where the Deep Security Agent for Linux was installed, the YUM server would redeploy the Deep Security Agent for Linux rpm file again instead of pulling down the library only. This added unnecessary tasks to the YUM server's load. Solution 5: This Patch removes the shared library from the Deep Security Agent for Linux rpm file. --------------------------------------------------------------------- Issue 6: [21387/TT290057] When a policy was being applied to Deep Security Agent, it added unnecessary trace severity entries to syslog. Solution 6: This Patch adjusts the trace severity settings to prevent these from changing the debug level. This prevents Deep Security Agent from adding unnecessary trace severity entries to syslog. --------------------------------------------------------------------- Issue 7: [20903] After a policy was deployed, the logging level returned to "0" (the default logging level), which disabled all logging activities, including the generation of error logs. Solution 7: This Patch changes the default logging level to "1", which enables Error/Alert/Critical logging. --------------------------------------------------------------------- Issue 8: [17861/TT291755/TT289145] Deep Security Agent would not generate a diagnostic package in Agent-Initiated Mode if both IPv4 and IPv6 were available. Solution 8: This Patch makes changes to the RPC code to enable Deep Security Agent to use both dual stack translations of addresses to create diagnostic packages when both IPv4 and IPv6 are available in Agent-Initiated Mode, instead of using one address only. --------------------------------------------------------------------- Issue 9: [22373/TT294304] When the Deep Security Agent was updated from any older version to version 9.0 Service Pack 1 Patch 1 or later versions, the Deep Security filter driver added the full debug trace log to the syslog by default. Solution 9: This Patch enables Deep Security Agent to ignore invalid trace severity settings to prevent it from changing the log level to "debug". --------------------------------------------------------------------- Issue 10: [21154/TT288372] Sometimes, Deep Security Agent for Amazon Linux ran out of memory while it queried machine information because it did not release memory properly. Solution 10: This Patch enables Deep Security Agent for Linux to release memory resources properly and promptly to help ensure that it does not run out of memory while performing tasks. --------------------------------------------------------------------- Issue 11: [21005/TT285433/ TT284369] A particular DROP DPI rule could cause kernel panic while the engine processed certain data packets. This could trigger the engine to stop unexpectedly while processing subsequent data packets on the same connection. Solution 11: This Patch enables the Deep Security Agent to prevent the engine from accepting more data when the kernel panic occurs, which can help ensure that the engine does not stop unexpectedly. --------------------------------------------------------------------- Issue 12: [20750] In the "Firewall Events" page of the Deep Security Manager console, whenever a Stateful Policy was applied under the UDP Stateful Configuration while UDP traffic was being sent out, unsolicited UDP events were not added to the Firewall Logs. Solution 12: This Patch ensures that the UDP Stateful Logging function in the "Firewall Events" page of the Deep Security Manager console works properly. 8.3 Deep Security Agent 9.0.3044 ===================================================================== 8.3.1 Enhancements ===================================================================== Deep Security Agent 9.0.3044 adds the following enhancements: Enhancement 1: SAP Integration – Deep Security Agent now supports SAP integration in SuSE 11 Service Pack 1 with Xen Kernel. Deep Security already supports SAP integration, however, Deep Security Virtual Appliances do not support SAP integration at this stage. Enhancement 2: Trend Micro Secure Cloud – Support for Trend Micro Secure Cloud integration is continued from Deep Security 9.0 Service Pack 1 Patch 1 release. Enhancement 3: CloudLinux Support – Deep Security Agent now supports both x86 and x64 versions of the CloudLinux 5 and 6 operating systems. 8.3.2 Resolved Known Issues ===================================================================== Deep Security Agent 9.0.3044 resolves the following issues: Issue 1: [20273] Deep Security Agent 9.0 did not support DES encryption on 64-bit Linux machines. Solution 1: This Patch enables Deep Security Agent 9.0 to support DES encryption on 64-bit Linux machines --------------------------------------------------------------------- Issue 2: [20310/TT282169] Deep Security Manager received a notice from the Deep Security Relay that a Security Update was successful even when the Proxy Server was down during the update. Solution 2: This Patch enables Deep Security Relay to add an error log in System Events when the Proxy Server is down and to send the corresponding update error event to Deep Security Manager under this scenario. --------------------------------------------------------------------- Issue 3: [20275/TT282455] A deadlock issue in ds_agent prevented Deep Security Agent from starting when Deep Security was configured to use a local Smart Protection Server. Solution 3: This Patch resolves the dead lock issue to ensure that ds_agent can respond to Deep Security Manager and Deep Security Agent can start successfully when Deep Security Manager uses a local Smart Protection Server. --------------------------------------------------------------------- Issue 4: [20257/TT281626] When users removed virtual devices, the Deep Security Agent filter driver sometimes did promptly update the reference count of network devices, which could prevent users from removing virtual devices properly. When this happened, some applications would stop responding and the following error appeared in the syslog: kernel: unregister_netdevice: waiting for xxx to become free. Usage count = 1 Solution 4: This Patch enables the Deep Security Agent filter driver to promptly and correctly update the reference count of network devices, which resolves this issue. --------------------------------------------------------------------- Issue 5: [20085/TT279806] The ds_agent closed unexpectedly during updates through Deep Security Relay because the update module stopped unexpectedly during incremental pattern merge. Solution 5: This Patch upgrades the update module to resolve this issue. --------------------------------------------------------------------- Issue 6: [20013/TT276927] When the "Ignore Status Code" Advanced N.E.S. was set to "Invalid IPv6 Address", Deep Security Manager still received a F/W event from Deep Security Agents and Deep Security Virtual Appliances. This occurred because the IPv6 policy was not enabled in Deep Security Agent 9.0 Service Pack 1. Solution 6: This Patch enables the corresponding IPv6 policy, which resolves this issue. --------------------------------------------------------------------- Issue 7: [19970/TT277757] "service-network-stop" stopped responding in a Linux bonded interface environment. Solution 7: This Patch enables Deep Security Agent to correctly calculate the reference count of MAC addresses of physical interfaces. This resolves the issue. --------------------------------------------------------------------- Issue 8: [20183/TT282021] A file handle leak issue occurred when Deep Security Manager checked for Debian software on the computer. When the number of Debian software exceeded the limit, Deep Security Manager would show a "get events failed" error. Solution 8: This Patch resolves the file handle leak issue. --------------------------------------------------------------------- Issue 9: [20571/TT281051] Deep Security Agent could incorrectly detect a change in the bridged network interface, triggering it to generate invalid network change events. Solution 9: This Patch enhances the network interface monitoring logic to prevent this issue. --------------------------------------------------------------------- Issue 10: [20210] Deep Security 8.0 Service Pack 2 supports the custom Integrity Monitoring Rule that allows users to define the portset based on users. However, Deep Security 9.0 Service Pack 1 does not support this custom rule. Solution 10:This Patch ensures that ports are listed properly to allow users to define the portset based on users. 8.4 Deep Security Agent 9.0.2404 ===================================================================== 8.4.1 Enhancements ===================================================================== Deep Security Agent 9.0.2404 does not add any enhancement. 8.4.2 Resolved Known Issues ===================================================================== Deep Security Agent 9.0.2404 resolves the following issues: Issue 1: [19514] It could take a long time to copy files between two Windows Server machines on a 10 GB physical network. Solution 1: This Patch resolves an issue in the NDIS receive handler to ensure that data packets are transferred faster. --------------------------------------------------------------------- Issue 2: [19143] Users could not create more than 6 SSL configurations in the "Computer > Intrusion Prevention > Advanced > SSL Configuration" page. Solution 2: This Patch enables users to create more than 6 SSL configurations. --------------------------------------------------------------------- Issue 3: [19482] A trailing "=" character could cause false-positive results and trigger the DPI engine to drop the packet due to an "Illegal character in URI" error. Solution 3: This Patch ensures that Deep Security Agent can handle the "=" character to prevent false-positive results. --------------------------------------------------------------------- Issue 4: [19465] Users could not access certain websites while the Web Reputation Service (WRS) was enabled because incoming HTTP responses were dropped and not retransmitted. Solution 4: This Patch ensures that incoming http responses are not dropped, which resolves the issue. Note: A specific configurable setting needs to be changed on Deep Security Manager 9.0 Service Pack 1 Hot Fix 5380 to enable the fix. Please refer to release note for detailed instructions. --------------------------------------------------------------------- Issue 5: [19706] On the Windows 8 platform, a memory buffer overrun issue triggers blue screen of death (BSOD) when users access websites while WRS is enabled. Solution 5: This Patch prevents the memory overrun issue. 8.5 Deep Security Agent 9.0.2008 and 9.0.2009 ===================================================================== 8.5.1 Enhancements ===================================================================== Deep Security Agent 9.0.2008 and 9.0.2009 add the following enhancement: Enhancement: Oracle Linux Support - Deep Security Agent now supports Oracle Linux. 8.5.2 Resolved Known Issues ===================================================================== Deep Security Agent 9.0.2008 and 9.0.2009 resolve the following issues: Issue 1: Deep Security Agent could not generate a diagnostic package when it was in Agent-Initiated communication while both IPv4 and IPv6 were available. Solution 1: The RPC code now uses "all" addresses translated by Dual Stack instead of the first address, which enables Deep Security Agent to generate a diagnostic package in the scenario described above. --------------------------------------------------------------------- Issue 2: Installing Deep Security Agent automatically disabled the IP tables. Solution 2: The IP tables are no longer disabled after installing Deep Security Agent, which allows Deep Security Agent to support iptables firewall. --------------------------------------------------------------------- Issue 3: Sometimes, Integrity Monitoring/Anti-Malware scans could use up all of the CPU resources. Solution 3: A hidden global setting has been added to allow users to set the CPU usage during Integrity Monitoring/ Anti-Malware scans to either high, medium, or low. This setting is available in the following platforms: - Linux Red Hat 5 64-bit - AIX(TM) 5.3 - Solaris 10 Sparc 8.6 Deep Security Agent 9.0.883 ===================================================================== 8.6.1 Enhancements ===================================================================== Deep Security Agent 9.0.883 does not contain any enhancement. 8.6.2 Resolved Known Issues ===================================================================== Deep Security Agent 9.0.883 resolves the following issues: Issue 1: [Deep Security 8.0 Tier 2-00200, FB 14340] Point To Point Tunneling Protocol (PPTP) connection to a VPN server could not be established while the Deep Security Agent was running. Solution 1: You can now modify some advanced settings to be able to use PPTP with Deep Security. Procedure 1: To modify the settings: a. Log on to Deep Security Manager and go to the "Computer Settings > Network Engine" tab. b. Make the following changes in the Advanced Network Engine Settings: Filter IPV4 Tunnels: Disable detection of IPV4 Tunnels Maximum Tunnel Depth: 4 Action if Maximum Tunnel Depth Exceeded: Bypass c. Click "Save". Note: For a new installation of Deep Security Agent 9.0 Service Pack 1, the settings described in the procedure are set to default values. --------------------------------------------------------------------- Issue 2: [Deep Security 8.0 Tier 2-00230, FB 14377] When installing Deep Security Agent on Ubuntu, you may see the following messages: update-rc.d: warning: ds_filter start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (3 5) update-rc.d: warning: ds_filter stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (0 1 2 6) Solution 2: These messages can be safely ignored. This release includes all resolved issues that were resolved in Deep Security Agent 8.0 Service Pack 2 except those explicitly listed in section 7, "Known Issues". 9. Files Included in this Release ======================================================================== This release is a complete installation. Use one of the following files, depending on your installation platform: Agent-RedHat_EL5-9.0.0-5000.i386.rpm Agent-RedHat_EL5-9.0.0-5000.x86_64.rpm Relay-RedHat_EL5-9.0.0-5000.x86_64.rpm Agent-RedHat_EL6-9.0.0-5000.i686.rpm Agent-RedHat_EL6-9.0.0-5000.x86_64.rpm Relay-RedHat_EL6-9.0.0-5000.x86_64.rpm Agent-Oracle_OL5-9.0.0-5000.i386.rpm Agent-Oracle_OL5-9.0.0-5000.x86_64.rpm Agent-Oracle_OL6-9.0.0-5000.i686.rpm Agent-Oracle_OL6-9.0.0-5000.x86_64.rpm Agent-SuSE_10-9.0.0-5000.i586.rpm Agent-SuSE_10-9.0.0-5000.x86_64.rpm Agent-SuSE_11-9.0.0-5000.i586.rpm Agent-SuSE_11-9.0.0-5000.x86_64.rpm Agent-Ubuntu_10.04-9.0.0-5000.x86_64.deb Agent-Ubuntu_12.04-9.0.0-5000.x86_64.deb Agent-amzn1-9.0.0-5000.i686.rpm Agent-amzn1-9.0.0-5000.x86_64.rpm Agent-CloudLinux_5-9.0.0-5000.i386.rpm Agent-CloudLinux_5-9.0.0-5000.x86_64.rpm Agent-CloudLinux_6-9.0.0-5000.i686.rpm Agent-CloudLinux_6-9.0.0-5000.x86_64.rpm For CentOS 5 Agent or Relay, use the Red Hat 5 packages. For CentOS 6 Agent or Relay, use the Red Hat 6 packages. Please refer to the Supported Linux Kernels documents for a list supported kernels for all packages. 10. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our website. Global Mailing Address/Telephone Numbers: For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services. Copyright 2015, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Deep Security, and "deep security solutions" are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ 13. Third Party Software ======================================================================= The 3rd party software is subject to the licenses available in the following directory: [INSTALL DIRECTORY]\Licenses Where 3rd party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request. The Deep Security Agent has a kernel interface layer that is compiled specifically for each Linux kernel. Trend Micro install packages for Linux are provided with precompiled versions for the supported Linux distributions. Trend Micro distributes source code and build materials for the kernel interface layer by request made to: http://esupport.trendmicro.com/srf/srfmain.aspx with a Subject field of "Kernel Interface Layer Source Code". ======================================================================== (C) 2015 Trend Micro Inc. All rights reserved. Published in Canada.