<<USE COURIER REGULAR 10 FONT IF YOU WOULD LIKE TO PRINT THIS DOCUMENT>>


  Trend Micro Incorporated                            March 6, 2023

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           Trend Micro(TM) ServerProtect(TM) for Linux(TM) 3.0
                   Kernel Hook Module (KHM) 3.0.1.0026
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  TERMS AND CONDITIONS: This module was developed by Trend Micro, Inc.  
     This module has received limited testing and is for your internal 
     use only. THIS MODULE IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY 
     KIND. TREND MICRO MAKES NO WARRANTY ABOUT THE OPERATION OR 
     PERFORMANCE OF THIS MODULE NOR DOES IT WARRANT THAT THIS MODULE IS 
     ERROR FREE. TO THE FULLEST EXTENT PERMITTED BY LAW, TREND MICRO 
     DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES, INCLUDING BUT NOT 
     LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, 
     NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. THIS MODULE 
     IS SUBJECT TO CHANGE AND MODIFICATION, INCLUDING, WITHOUT 
     LIMITATION, CHANGES AND MODIFICATIONS WITH RESPECT TO PERFORMANCE 
     AND FUNCTIONALITY ANY TIME AT THE SOLE DISCRETION OF TREND MICRO.

       
     Contents
     =========================================================
 
     1.  About the Kernel Hook Module

     2.  What's New

         2.1 Resolved Known Issues
   
         2.1 Enhancements

     3.  Documentation Set

     4.  System Requirements

     5.  Installation

         5.1 Updating

         5.2 Installing

         5.3 Uninstalling

     6.  Post-installation Configuration

     7.  Known Issues

     8.  Release History

         8.1 Prior Releases

     9.  Contact Information

     10. About Trend Micro

     11. License Agreement

     =========================================================


  1. About the Kernel Hook Module
  ======================================================================
     The Kernel Hook Module (KHM) in ServerProtect for Linux hooks Linux 
     file operating system calls and passes information to the scan 
     engine. Without the KHM, ServerProtect cannot perform real-time 
     scans.

     Trend Micro has released KHMs for the following officially-
     supported platforms: 

     - Red Hat(TM) Enterprise Linux 4
     - Red Hat Enterprise Linux 5
     - Red Hat Enterprise Linux 6
     - Red Hat Enterprise Linux 7
     - Red Hat Enterprise Linux 8
     - Red Hat Enterprise Linux 9
     - CentOS 4
     - CentOS 5
     - CentOS 6
     - CentOS 7
     - CentOS 8
     - SuSE(TM) Linux Enterprise Server 10
     - SuSE Linux Enterprise Desktop 10
     - SuSE Linux Enterprise Server 11
     - SuSE Linux Enterprise Desktop 11
     - SuSE Linux Enterprise Server 12
     - SuSE Linux Enterprise Desktop 12
     - SuSE Linux Enterprise Server 15
     - SuSE Linux Enterprise Desktop 15
 
     You can also download KHMs for these platforms from the Trend Micro
     website. If your platform is not on the list, you can build the 
     KHM on your Linux system from the source code included in the
     installation package. 

     NOTE: Trend Micro does not guarantee nor support KHMs that are not
           provided by Trend Micro.


  2. What's New
  ======================================================================
   
     2.1 Resolved Known Issues
     ===================================================================
     NOTE: KHM 3.0.1.0028 includes all fixes released in pervious
           versions. Refer to Section 8 for more information.
        
     This new version resolves the following issue:

     Issue:      The KHM does not support the following platform version:

                 - Red Hat Enterprise Linux 9.3
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution:   KHM 3.0.1.0028 supports the platform version specified
                 above.


     2.2 Enhancements
     ===================================================================
     There are no enhancements in this release.


  3. Documentation Set
  ======================================================================
     To download or view electronic versions of the documentation set 
     for this product, go to http://docs.trendmicro.com

 
  4. System Requirements
  ======================================================================
     The following are the minimum system requirements to build a KHM 
     successfully:

     - GCC
     - GNU Make
     - the corresponding kernel source and configuration file for your 
       running kernel

     The KHM source code that Trend Micro provides only enables you to
     build a KHM for your kernel. 


  5. Installation
  ======================================================================
     This section explains key steps for installing the release.


     5.1 Updating
     ===================================================================
     To update the KHM package:
  
     1. Download the new KHM package from the Update Center.
   
     2. Log on as a root user.  
   
     3. Create a backup of the old KHM source by running the following
        commands:
   
        # cd /opt/TrendMicro/SProtectLinux/SPLX.module/src/
        # tar -zcvf splx_kernel_module-bak-<VERSION_NUMBER>-src.tar.gz *

        NOTE: <VERSION_NUMBER> should be replaced by the actual version 
              number of the KHM source package that was downloaded in 
              step 1. For example, if the downloaded package is 
              "splx_kernel_module-3.0.1.0026-src.tar.gz", then
              <VERSION_NUMBER> is "3.0.1.0026".
         
     4. Copy the "tar.gz" file to a working directory, for example, 
        "/home/workdir".
      
     5. Run the following command to update the KHM source files:
          
        # tar -zxvf splx_kernel_module-<VERSION_NUMBER>-src.tar.gz -C 
          /opt/TrendMicro/SProtectLinux/SPLX.module/src/

     5.2 Installing
     ===================================================================
     Refer to the INSTALL file for details on building and installing 
     the KHM. 

     NOTE: Before you begin the installation, make sure you:

           - have the configured Linux kernel source on your system:

             - For Red Hat Enterprise Linux and CentOS, install the 
               "kernel-devel" package.
  
             - For SuSE Linux Enterprise Server/Desktop, install the
               "kernel-source" and "kernel-syms" packages.
                      
           - Run the following command on the Red Hat Enterprise 
             Linux 7, Red Hat Enterprise Linux 8, CentOS 7, or 
             CentOS 8 operating system.
          
             # cp /usr/include/linux/version.h 
                /lib/modules/$(uname -r)/build/include/linux/

     The following commands outline the general build procedure:

     # /etc/init.d/splx stop
     # cd /opt/TrendMicro/SProtectLinux/SPLX.module/src/module
     # make
     # make test
     # make install
     # /etc/init.d/splx start


     5.3 Uninstalling
     ===================================================================
     To roll back to the previous build:

     1. Run the following commands using the KHM source file from step 3 
        of Section 5.1: 

     # cd /opt/TrendMicro/SProtectLinux/SPLX.module/src/
     # tar -zxvf splx_kernel_module-bak-<VERSION_NUMBER>-src.tar.gz
     
     2. Follow the build procedure in Section 5.2 to build using the old 
        KHM src.

 
  6. Post-installation Configuration
  ======================================================================
     No post-installation steps required.

     NOTE: Trend Micro recommends that you update your scan engine and  
           virus pattern files immediately after installing the product.
  

  7. Known Issues
  ======================================================================
     Since the Linux kernel is updated from time to time, Trend Micro
     cannot guarantee that this source code will continue to work well 
     with the latest kernel source. Trend Micro will update the KHM 
     source code as new Linux kernels are released.

     Please visit the Trend Micro website to get the latest KHM source 
     code.

     Trend Micro recommends modifying the KHM source code for your 
     Linux kernel. Refer to Section 5.1 for specific steps to update
     the source code. 


  8. Release History
  ======================================================================
     For more information about updates to this product, go to:

     http://www.trendmicro.com/download


     8.1 Prior Releases
     ===================================================================
     NOTE: Only this version was tested for this release. Prior versions
           were tested at the time of their release.
           
     KHM 3.0.1.0027, July 6, 2023
           
     Issue:      The KHM does not support the following platform
                 version:

                 - Red Hat Enterprise Linux 9.2
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution:   KHM 3.0.1.0027 supports the platform version specified
                 above.
                 
     KHM 3.0.1.0026, March 6, 2023

     Issue:      The KHM does not support the following platform
                 version:

                 - Red Hat Enterprise Linux 9.1
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution:   KHM 3.0.1.0026 supports the platform version specified
                 above.

     KHM 3.0.1.0025, September 14, 2022
     
     Issue:      The KHM does not support the following platform versions:

                 - Red Hat Enterprise Linux 9
                 - SuSE Linux Enterprise Desktop 15 Service Pack 4
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution:   KHM 3.0.1.0025 supports the platform versions specified
                 above.
                 
     KHM 3.0.1.0024, February 22, 2021

     Issue 1:    The KHM source code cannot be built successfully in
                 version 4.12.14-122.57-default of the SuSE Linux
                 kernel.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.1.0024 resolves this issue.

     KHM 3.0.1.0023, October 13, 2020
 
     Issue 1:    The KHM source code cannot be built successfully in 
                 version 5.3.18 of the Linux kernel.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.1.0023 resolves the issue.
 
     KHM 3.0.1.0022, August 17, 2020
 
     Issue 1:    Kernel panic may occur while the kernel module handles 
                 certain information from the user mode process.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.1.0022 resolves the issue.

     Issue 2:    Sometimes, system calls may not be unhooked when KHM 
                 unloads.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: KHM 3.0.1.0022 resolves this issue.

     KHM 3.0.1.0021, July 2, 2020
     
     Issue 1:    An issue related to the kernel mode module may cause a 
                 minor memory leak event.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.1.0021 resolves the issue.

     Issue 2:    Outgoing Real-time scans do not work properly on the 
                 RHEL 8, CentOS 8, or SLES 15 platforms.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: KHM 3.0.1.0021 resolves this issue.
   
     Issue 3:    Sometimes, ServerProtect skips certain files during 
                 scans.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 3: KHM 3.0.1.0021 resolves this issue.

     KHM 3.0.1.0020, June 1, 2020

     Issue 1:    The kernel might stop unexpectedly on platforms where 
                 CONFIG_HARDENED_USERCOPY is enabled.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.1.0020 resolves this issue.

     Issue 2:    ServerProtect does not scan some 32-bit applications on 
                 platforms where CONFIG_ARCH_HAS_SYSCALL_WRAPPER is 
                 enabled.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: KHM 3.0.1.0020 resolves this issue.
 
     KHM 3.0.1.0019, March 15, 2019

     Issue:    The KHM does not support the following platform versions:

               - SuSE Linux Enterprise Server 12 Service Pack 4
               - SuSE Linux Enterprise Desktop 12 Service Pack 4
               - SuSE Linux Enterprise Server 15 
               - SuSE Linux Enterprise Desktop 15
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution: KHM 3.0.1.0019 supports all four platform versions 
               specified above.

     KHM 3.0.1.0018, May 15, 2018
 
     Issue:    KHM does not support Red Hat Enterprise Linux 7.5 and 
               CentOS 7.5.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution: KHM 3.0.1.0018 supports Red Hat Enterprise Linux 7.5 and 
               CentOS 7.5.
   
     KHM 3.0.1.0017, June 17, 2017
     
     Issue:    KHM does not support the SuSE Linux Enterprise Server 12 
               Service Pack 2 and SuSE Linux Enterprise Desktop 12 
               Service Pack 2.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution: KHM 3.0.1.0017 supports SuSE Linux Enterprise Server 12
               Service Pack 2 and SuSE Linux Enterprise Desktop 12 
               Service Pack 2.
    
     KHM 3.0.1.0016, October 19, 2016

     Issue:    After KHM starts, it automatically changes the privilege 
               setting for the memory page of the syscall table to "Read 
               Only". As a result, the Linux platform may stop 
               unexpectedly when other products attempt to make changes 
               to the information in the syscall table.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution: KHM 3.0.1.0016 rolls back the privilege setting of the 
               syscall table memory page to the default value of the 
               Linux system after it starts. This ensures that other 
               products can modify the information on the syscall table
               without issues.

     KHM 3.0.1.0015, May 30, 2016
     
     Issue 1:    The operating system (OS) may stop unexpectedly when 
                 ServerProtect for Linux wakes up a hooked process. This
                 happens when the wait queue which ServerProtect for 
                 Linux attempts to access has been deleted by the hooked 
                 process.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.1.0015 keeps a reference count of processes 
                 to make sure that the process information will not be 
                 deleted when ServerProtect for Linux wakes up a hooked 
                 process.
   
     Issue 2:    ServerProtect for Linux cannot detect when the EICAR 
                 test file is transferred to the server through SSH File 
                 Transfer Protocol (SFTP) on a Chroot environment.  
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: KHM 3.0.1.0015 removes a hard-code exclusion command 
                 "sshd" to resolve this issue.     

     KHM 3.0.1.0014, January 11, 2016

     Issue 1:    The OS may sometimes stop unexpectedly when users
                 remove a folder while ServerProtect for Linux scans 
                 some files from the same folder.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.1.0014 resolves the problem.
   
     Issue 2:    If KHM hooks some processes that have stopped, the 
                 processes may stop responding.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: KHM 3.0.1.0014 replaces a kernel API to enable the
                 system to wake up processes that have stopped.
                 
     Issue 3:    After ServerProtect updates to the Linux Kernel 3.10
                 version, the kernel API "dentry_open" implement changes
                 that prevents users from unmounting directories that
                 are currently mounted. 
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 3: KHM 3.0.1.0014 supports this change.
                 
     KHM 3.0.1.0013, April 1, 2015

     Issue 1:    KHM does not support version 12 of the SuSE Linux 
                 Enterprise Server.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.1.0013 now supports SuSE Linux Enterprise 
                 Server 12.
   
     Issue 2:    When KHM is running through the deny write directory 
                 list, kernel panic may occur if the deny write 
                 directory list is deleted outside the allotted time 
                 interval. 
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: KHM 3.0.1.0013 now keeps a reference count to help it 
                 determine whether the list has already been 
                 reconstructed while it iterates the list. This can help 
                 ensure that KHM does not delete the deny write 
                 directory list outside the allotted time interval.
                 
     Issue 3:    Sometimes, deadlock issues occur when the vsapiapp 
                 process updates the settings in KHM.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 3: KHM 3.0.1.0013 moves some actions out from the lock 
                 to prevent deadlock issues while the vsapiapp process
                 updates the settings in KHM.

     KHM 3.0.1.0012, September 15, 2014

     Issue 1:    KHM does not support Red Hat Enterprise Linux 7.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.1.0012 supports Red Hat Enterprise Linux 7.
   
     Issue 2:    After kernel 3.0, a memory leak may occur while 
                 enabling Real-time Scan.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: KHM 3.0.1.0012 resolves the memory leak issue so 
                 Real-time Scan can be enabled successfully.
                 
     KHM 3.0.1.0011, January 17, 2014
    
     Issue 1:    KHM misses a dput and an mntput kernel API call on a 
                 mounted point which can cause kernel panic when the 
                 "refer_count" value of a related node reaches a certain 
                 limit.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.1.0011 no longer misses the dput and mntput 
                 kernel API calls on mounted points.

     Issue 2:    When KHM is running through the exclusion list, kernel 
                 panic may occur if the exclusion list is deleted 
                 outside the allotted time interval.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: KHM 3.0.1.0011 keeps a reference count to help it 
                 determine whether the list has already been 
                 reconstructed while it iterates the list. This can help 
                 ensure that KHM does not delete the exclusion list 
                 outside the allotted time interval.
 
     Issue 3:    In the RHEL 6.5 kernel, the "char* filename" parameter 
                 of the kernel API "putname/getname" function has been 
                 changed to the "struct filename" structure.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 3: KHM 3.0.1.0011 supports this change.
   
     KHM 3.0.1.0010, April 18, 2013

     Issue 1:    Users can unload KHM even when some processes are
                 accessing KHM.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.1.0010 allows users to unload it only after all 
                 processes have stopped accessing KHM.
 
     Issue 2:    Users can delete the exclusion list even if some 
                 processes are accessing the exclusion list.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: KHM 3.0.1.0010 adds a reference count to the exclusion 
                 list to prevent this issue from occurring. 
 
     Issue 3:    Users sometimes cannot wake up processes that  
                 KHM hooks.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 3: KHM 3.0.1.0010 has an error handling feature that 
                 enables it to make several attempts to wake up 
                 sleeping processes if the wake up function returns an 
                 error.

     KHM 3.0.1.0009, August 24, 2012
   
     Issue:    KHM does not support SuSE 11 Service Pack 2.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution: KHM 3.0.1.0009 supports SuSE 11 Service Pack 2 with 
               kernel version 3.0
   
     KHM 3.0.1.0008, March 28, 2012

     Issue:    Sometimes, deadlock issues occur when KHM hooks files
               while other processes are accessing the files.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution: KHM 3.0.1.0008 optimizes the KHM lock function to prevent
               deadlock issues in this situation.

     KHM 3.0.1.0007, July 21, 2011

     Issue:    Under certain conditions, deadlock issues may occur while 
               loading or unloading the KHM from the kernel.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution: KHM 3.0.1.0007 contains an optimized lock function which 
               can prevent these issues.

     KHM 3.0.1.0006, May 30, 2011

     Enhancement 1: KHM 3.0.1.0006 fully supports SuSE 11 
                    Service Pack 1.
   
     Enhancement 2: Unlike previous KHM versions, KHM 3.0.1.0006 only
                    hooks configured open, close, or executed events, 
                    which improves KHM performance.
     
     Issue 1:    Servers with kernel 2.6.32 may not be able to restart 
                 while ServerProtect for Linux runs with real-time scan 
                 enabled.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.1.0006 resolves this issue.
   
     Issue 2:    After kernel 2.6.27, a memory leak may occur while 
                 "vsapiapp" restarts.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: KHM 3.0.1.0006 resolves this issue.

     KHM 3.0.1.0005, March 31, 2011

     Issue:    The computer may work abnormally while scanning running
               processes in an NFSv4 client shared directory. 
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution: KHM 3.0.1.0005 resolves this issue.

     KHM 3.0.0.0005, November 6, 2010
   
     Issue 1:    ServerProtect for Linux does not support wildcard 
                 characters ("*" and "?") on the real-time scan file 
                 exclusion list.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.0.0005 resolves this issue.
   
     Issue 2:    KHM does not support SuSE 11 Service Pack 1.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: KHM 3.0.0.0005 supports SuSE 11 Service Pack 1 with 
                 kernel version 2.6.32

                 NOTE: Only 32-bit and 64-bit kernels for Xen(R) are  
                       supported in this version.
   
     Enhancement: KHM 3.0.0005 adds the "*" and "?" in the list of 
                  supported wildcard characters in the command exclusion
                  list.

     KHM 3.0.0.0004, February 1, 2010
   
     Issue:    The computer may work abnormally when KHM is running 
               with audited enabled.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution: KHM 3.0.0.0004 resolves this issue.
   
     Enhancement 1: KHM 3.0.0.0004 supports CentOS 4/5 and SuSE 11.
   
     Enhancement 2: KHM 3.0.0.0004 adds a command bypass feature for 
                    real-time scans.
                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Procedure 2:   To bypass commands for real-time scans, run the  
                    following command:

                    # echo "command1" "command2" >/proc/splx/
                       command_exclusion
     
                    NOTES:
             
                    - Run the command only after applying the new KHM 
                      build from this version of KHM source code.
             
                    - Here, "command1" and "command2" are the names of 
                      the running processes.
            
                      For example, if you do not want real-time scan to 
                      scan "vi" and "bash", you can run the following
                      commands:

                      # echo vi bash > /proc/splx/command_exclusion
             
                    - This feature supports a maximum of 10 process 
                      names.
 
                    - The command list will be reset after "vsapiapp"
                      restarts.

                    - Wildcards "*" and "?" are supported.
   

     KHM 3.0.0.0003, January 26, 2010   

     Issue:    The real-time scan option cannot take effect when users
               run it from the Web console.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution: KHM 3.0.0.003 resolves this issue.


     KHM 3.0.0.0002, April 31, 2009

     Issue:    The computer may work abnormally when several "vsapiapp" 
               threads attempt to initialize KHM.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution: KHM 3.0.0.0002 resolves this issue.
   
     Enhancement: KHM 3.0.0.0002 has a dynamic enabling feature for the 
                  kernel debug log.   
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Procedure:   To enable the kernel debug log dynamically, run the 
                  following command:

                  # echo 1 > /proc/splx/khm_debug_level

                  NOTES: 

                  - Run the command only after applying the new KHM 
                    built from this version of the KHM source code.

                  - Here, "1" is the kernel debug log level you would 
                    like to set. The valid values range is "0" to "3". 
                    Any value higher than "3" will be treated as "3". 
                    Values smaller than "0" will be treated as "0". The 
                    float value will be truncated to "integer" and any 
                    non-integer value will be treated as "invalid" and 
                    refused. 

     KHM 3.0.0.0001, January 28, 2008
 
     Issue 1:    ServerProtect cannot unmount shared files.   
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: KHM 3.0.0.0001 resolves this issue.
   
     Issue 2:    The computer may work abnormally and the following
                 kernel log is displayed after running for an extended 
                 period of time: 
               
                 "kernel: kernel BUG at include/linux/dcache.h:282!"
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: KHM 3.0.0.0001 resolves this issue.


  9. Contact Information  
  ======================================================================
     A license to Trend Micro software usually includes the right to
     product updates, pattern file updates, and basic technical support
     for one (1) year from the date of purchase only. After the first
     year, you must renew Maintenance on an annual basis at 
     Trend Micro's then-current Maintenance fees.

     Contact Trend Micro via fax, phone, and email, or visit our website
     to download evaluation copies of Trend Micro products.

     http://www.trendmicro.com/us/about-us/contact/index.html

     NOTE: This information is subject to change without notice. 


  10. About Trend Micro  
  ======================================================================
     Smart, simple, security that fits

     As a global leader in IT security, Trend Micro develops innovative
     security solutions that make the world safe for businesses and
     consumers to exchange digital information.

     Copyright 2021, Trend Micro Incorporated. All rights reserved.

     Trend Micro, ServerProtect, and the t-ball logo are trademarks of 
     Trend Micro Incorporated and are registered in some jurisdictions. 
     All other marks are the trademarks or registered trademarks of 
     their respective companies.


  11. License Agreement  
  ======================================================================
     View information about your license agreement with Trend Micro at: 
    
     http://www.trendmicro.com/us/about-us/legal-policies/
        license-agreements

     Third-party licensing agreements can be viewed:

     - By selecting the "About" option in the application user interface

     - By referring to the "Legal" page of the Administrator's Guide

