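Notice of Release of Critical Patch (build 1549) for Virus Buster Business Security 9.5: Support Information: Trend Micro
Critical Patch (build 1549) for Virus Buster Business Security 9.5 will be released on the schedule below.
■Release Date
Thursday, August 20, 2020
■New Features and Fixes
New features
- Business Security now supports Microsoft Windows 10 May 2020 Update.
Fixes
- Fixes an issue where the Trend Micro Worry-Free Business Security Windows Security Center Service could not be removed with the uninstall tool.
- Fixes an issue where the ReGenID tool did not work properly.
- Fixes an issue where the [Product Q&A] link redirected to the wrong web page.
- Fixes an issue where the remote installation feature did not run properly.
For other details, see the included Readme file.
■How to Obtain
This product can be downloaded from the latest version download page.
■How to Deploy
The procedure for applying the patch is published in the following Product Q&A.
Product Q&A: Overview of Critical Patch (build 1549) for Business Security 9.5 and how to apply it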
1. Introduction
===============
Note: If this section includes a "Procedure" for an item, perform the "Procedure" after installing this release (for installation, see "4.1 Installation Procedure").

1.1 Resolved Issues
===================
This release fixes the following issues.

Issue 1: (SEG-73743) The Trend Micro Worry-Free Business Security Windows Security Center Service cannot be removed with the uninstall tool.
Fix 1: This issue is fixed after applying this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: (SEG-24744) The ReGenID tool does not work properly.
Fix 2: This issue is fixed after applying this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: (SEG-29784) The [Product Q&A] link redirects to the wrong web page.
Fix 3: After applying this release, the link is updated and this issue is fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: (SEG-73069) The remote installation feature does not run properly.
Fix 4: This issue is fixed after applying this release.

1.2 New Features
================
This release provides the following new feature.

Feature: Business Security now supports Microsoft Windows 10 May 2020 Update.
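Trend Micro Cloud App Security Maintenance Notice: Support Information: Trend Micro
■Maintenance Details
(1) Provisioning of token-based authentication accounts for SharePoint Online and OneDrive for Business (official release)
(2) Protection against vendor fraud through cousin domain detection
(3) Configuration of the approved file list for Virtual Analyzer
(5) Detection of password-protected PDF files in malware scanning
(6) To improve the security of the Cloud App Security management console, support for TLS 1.0 / 1.1 will end and only TLS 1.2 will be supported.
* If you use a browser listed in the Cloud App Security system requirements, there is no problem connecting. If you cannot access the management console after the maintenance, see the following Q&A.
◆ When logging on to the Cloud App Security management console, the error message 「サーバーが見つかりませんでした」 ("Server not found") or 「接続が終了しました」 ("The connection was terminated") is displayed.
https://success.trendmicro.com/jp/solution/000263043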
Vulnerabilities relating to integrity verification (CVE-2020-8602) and LDAP authentication (CVE-2020-15601) have been confirmed in Trend Micro Virtual Patch for Endpoint.
To address these vulnerabilities, a fix has been released for Trend Micro Virtual Patch for Endpoint. Please apply it.
For details, see the following site.
Alert/Advisory: Integrity verification (CVE-2020-8602) and LDAP authentication (CVE-2020-15601) vulnerabilities in Trend Micro Deep Security and Trend Micro Virtual Patch for Endpoint
Vulnerabilities relating to integrity verification (CVE-2020-8602) and LDAP authentication (CVE-2020-15601) have been confirmed in Trend Micro Deep Security.
To address these vulnerabilities, a fix has been released for Trend Micro Deep Security. Please apply it.
For details, see the following site.
Alert/Advisory: Integrity verification (CVE-2020-8602) and LDAP authentication (CVE-2020-15601) vulnerabilities in Trend Micro Deep Security and Trend Micro Virtual Patch for Endpoint
TippingPoint Security Management System (SMS) Version 5.3.0 Patch 2 Release Notice: Support Information: Trend Micro
TippingPoint Security Management System (SMS) version 5.3.0 Patch 2 has been released as follows.
■Release Date
Thursday, August 20, 2020
For details, see the following announcement and the Release Notes (English).
TippingPoint Software Release Announcement
Security Management System(SMS) Version 5.3.0.2 release Notes
■How to Obtain
Upgrade modules and documentation can be downloaded from the Trend Micro TippingPoint Threat Management Center (TMC).
* A TMC account is required to log in.
■Deployment Procedure
For the deployment procedure, see the installation guide and user guide, which can be downloaded from the Online Help Center.
* All documentation is in English.
Trend Micro™ TippingPoint has released Patch 2 for SMS v5.3.0; this is a maintenance release that addresses the following issues:
• Profile distribution fails in complex virtual segment deployments
• SMS diagnostic log files become increasingly large as more are generated
• Syslog outputs reporting old events and missing key ArcSight CEF fields
• Syslog performance optimizations related to event output delays
• RADIUS authentication fails on service restart
• SMS becomes unresponsive during boot in large deployments
• WHOIS lookups not returning results correctly in SMS
Important Notes:
• All SMS v5.3.0 customers are encouraged to install this patch at the earliest opportunity.
• Patch installation should take approximately 15 minutes.
• The SMS Server will automatically reboot after patch installation. You will then be prompted to update the SMS client.
Notice of Release of InterScan for Microsoft Exchange 14.0 Patch 3 (build 2091): Support Information: Trend Micro
InterScan for Microsoft Exchange 14.0 Patch 3 (build 2091) will be released on the schedule below.
■Release Date
Monday, August 17, 2020
■New Features and Fixes
Integration of InterScan with Trend Micro Cloud App Security
Logs of quarantined email messages can now be viewed in Cloud App Security, and quarantined email messages can be resubmitted to Cloud App Security.
For other fixes, see the included Readme file.
* Patch 1 and Patch 2 were not released in Japan.
■How to Obtain
This product can be downloaded from the following page.
"InterScan for Microsoft Exchange 14.0 download page"
■Deployment Procedure
See the included Readme file.
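2. What Is Fixed
================
Note: If this section includes a "Procedure" for an item, perform the "Procedure" after installing this release (for installation, see "5.2 Installation Procedure").

2.1 New Features
================
This release provides the following new features.
The items provided in this release are described in the following format.
------------------------------------------------
Feature: [Internal tracking number] [HotFix file name]
  Description of the feature
------------------------------------------------
Feature 1: Data Loss Prevention templates - The Data Loss Prevention templates are updated to version 3.1.1046.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Feature 2: [SEG-45978][SEG-52236][SEG-60644][SEG-63413] [Hotfix 1340]
Content violation logs - You can now configure which types of unscannable message part logs are sent from the InterScan web console to the Trend Micro Apex Central server. The hidden key is added on the [Administration] → [Apex Central Settings] → [Unscannable Message Part Logs] screen.
Note: To use this feature, make sure that the HotFix number of Trend Micro Control Manager 7.0 is 3097 or later. To obtain the HotFix, contact technical support.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Feature 3: [SEG-54685] [JP Hotfix 2641]
Mail scanning - InterScan could not scan deleted email messages in the Recoverable Items folder of Exchange 2013, Exchange 2016, and Exchange 2019. This release provides an option to configure InterScan to scan deleted email messages in the Recoverable Items folder.
Procedure 3: To configure this feature, follow these steps.
1. Install this release (see "5.1 Installation Procedure").
2. Open Registry Editor.
3. Set the appropriate value for the following key.
   Key: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
   Name: SkipScanDeletedRecoverableFolder
   Type: REG_DWORD
   Data value:
   1: Do not scan deleted email messages in the Recoverable Items folder (default).
   0: Scan deleted email messages in the Recoverable Items folder.
4. Restart the InterScan for Microsoft Exchange Master Service.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Feature 4: Integration with Cloud App Security - By integrating InterScan with Trend Micro Cloud App Security, logs of quarantined email messages from one or more InterScan servers can be viewed in Cloud App Security, and quarantined email messages can be resubmitted to Cloud App Security.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Feature 5: Data Loss Prevention identifiers - Detection of Data Loss Prevention file attributes is now supported.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Feature 6: Quarantine - An option is provided to configure whether a rescan by Web Reputation is required before a quarantined message is sent.
Procedure 6: To configure this feature, follow these steps.
1. Install this release (see "5.1 Installation Procedure").
2. Open Registry Editor.
3. Set the appropriate value for the following key.
   Key: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
   Name: EnableResendWithWRSUI
   Type: REG_DWORD
   Data value:
   1: Show the option to run Web Reputation protection when resending a quarantined message.
   0: Do not show the option to run Web Reputation protection when resending a quarantined message (default).

2.2 Known Issues Fixed in This Release
======================================
This release fixes the following issues.
The items fixed in this release are described in the following format.
------------------------------------------------
Issue: [Internal tracking number] [HotFix file name]
  Description of the issue
Fix: Description of the fix
Procedure: Description of the procedure
------------------------------------------------
Issue 1: [SEG-51783]
The exclusion settings of a Data Loss Prevention policy do not work when another address that is not excluded is included in the list.
Fix 1: After applying this release, boundary matching and conditions for deciding whether to obtain recipient information from the email message are added, and this issue is fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [SEG-57951]
The following issues were found in InterScan.
1. The following system event settings cannot be replicated from the [Server Management] screen of the web console or from Trend Micro Control Manager:
   - When machine learning scanning is as follows
   - When Writing Style service is as follows
2. The [Apply to All Notifications] button under [Notification Settings] in the management web console does not work for the following notification settings:
   - When machine learning scanning is as follows
   - When Writing Style service is as follows
Fix 2: After applying this release, both system event settings can be replicated from the [Server Management] screen and from the Trend Micro Control Manager management console. The [Apply to All Notifications] button also works for both notification settings.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [SEG-58468] [Hotfix 1335]
Hebrew file names are not displayed correctly in the Deep Discovery Analyzer management console.
This issue occurred because, when an attachment file name is Base64-encoded, full-width (wide) characters are converted to UTF-8, but on Base64 decoding the function that converts multibyte characters, rather than UTF-8 characters, to full-width (wide) characters was called.
Fix 3: After applying this release, the correct function, which converts UTF-8 to full-width (wide) characters, is called when a Base64 attachment file name is decoded, and this issue is fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [SEG-62061] [Hotfix 1337]
Because results are released before the final scan result is recorded, the TrendX scan results in the InterScan web console sometimes do not include information about viruses detected in the OLE layer.
Fix 4: After applying this release, the TrendX scan results are released after the final scan result is recorded, and this issue is fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [SEG-59825]
When a mail is resent with the original quarantined mail as an attachment, the quarantined mail triggers the advanced spam prevention rules and the attachment becomes a document file.
Fix 5: This issue is fixed after applying this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 6: [SEG-63222]
The number of submissions to Deep Discovery Analyzer does not match between the InterScan web console and the Deep Discovery Analyzer management console. This issue occurred because attachments with a size of 0 were not processed correctly.
Fix 6: This issue is fixed after applying this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 7: [VRTS-3703]
The OpenSSL/libcurl modules are affected by a code injection vulnerability.
Fix 7: After applying this release, the Trend Micro common modules are updated and this issue is fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 8: [SEG-59268]
Trend Micro Apex Central cannot connect to InterScan servers.
This issue occurred in large environments containing multiple domains, where some suffixes had not been added to the DNS suffix search list (dns-suffix-search-list), when Trend Micro Apex Central identified or looked up InterScan servers that were connected by host name only rather than by fully qualified domain name or IP address.
Fix 8: After applying this release, connected InterScan servers are identified by their fully qualified domain name.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 9: [SEG-56061] [Hotfix 3008]
A memory leak may occur when "specific users/groups" is set in an InterScan filter.
Fix 9: After applying this release, the cache is updated and this issue is fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 10: [SEG-63660] [Hotfix 3009]
A single SQL instance may contain a large number of InterScan databases, and as a result performance may degrade when InterScan checks the database connection and runs the SQL query "SELECT COUNT(TABLE_NAME) as num FROM INFORMATION_SCHEMA.TABLES" against the system view.
Fix 10: After applying this release, the query can be run against the database itself rather than the system view, and this issue is fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 11: [SEG-70457] [Hotfix 3010]
On the [Quarantined File Deletion Settings] screen, files quarantined by the "Quarantine message part" action sometimes cannot be deleted from the quarantine folder.
Fix 11: This issue is fixed after applying this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 12: [SEG-67814] [Hotfix 3011]
InterScan sometimes cannot be registered to Trend Micro Apex Central over port 443.
Fix 12: After applying this release, InterScan can apply the test connection settings specified in the Trend Micro Control Manager ini file when it tests the connection to Trend Micro Apex Central, and this issue is fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 13: [SEG-67397]
When "Detection of new spam sources" is enabled, Time-of-Click Protection does not rewrite URLs other than newly detected URLs and unrated URLs.
Fix 13: This issue is fixed after applying this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 14: [SEG-69405]
After InterScan quarantines a message, the log is sometimes not inserted into the database and cannot be found in the quarantine logs.
Fix 14: After applying this release, the log is inserted into the database correctly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 15: [SEG-64877] [Hotfix 3019]
InterScan cannot detect keywords because of an issue related to the parsing function of the dtSearch module.
Fix 15: After applying this release, dtSearch is updated to the latest version and this issue is fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 16: [SEG-72957] [Hotfix 3014]
When [Attachment Blocking] is configured to block Word files, Office documents are blocked even though password-protected Microsoft Office documents are not specified as a target to block.
This issue occurred because, when a Microsoft Office document is password-protected and stored as an OLE file, every such document is recognized as a .doc file.
Fix 16: After applying this release, password-protected Office documents are no longer blocked even when the block condition described above is configured.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 17: [SEG-75958] [Hotfix 2058][Hotfix 3039]
CMAgent sends a log with the content 「[コマンド] 重複するコマンドは無視されました」 ("[Command] Duplicate command was ignored") to Trend Micro Apex Central without a status indicating "success".
As a result, Trend Micro Apex Central detects a large number of update deployment failures even while the command is running.
Fix 17: After applying this release, CMAgent immediately tags the command tracking entry 「[コマンド] 重複するコマンドは無視されました」 as a "successful" command, and this issue is fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 18: [SEG-75155] [Hotfix 3034]
When "EmMaxDecompressLayerCount=0", Data Loss Prevention file attributes sometimes do not work correctly.
Fix 18: After applying this release, eManager is upgraded and this issue is fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 19: [SEG-75109] [Hotfix 3038]
When settings are replicated while Virtual Analyzer is running on the target computer, InterScan is unregistered from Deep Discovery Analyzer and re-registered with a new product key. If the DTAS processing queue still holds documents or jobs that use the previous product key at that point, Deep Discovery Analyzer returns error code 419 and the files are not analyzed.
Fix 19: After applying this release, files in the "Virtual Analyzer" work queue are processed correctly and this issue is fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 20: [SEG-78879] [Hotfix 3040]
When InterScan log generation is enabled and the InterScan for Microsoft Exchange Master Service is restarted, logging for the Advanced Threat Scan Engine is also enabled automatically, and it cannot be disabled unless InterScan log generation is disabled and the InterScan for Microsoft Exchange Master Service is restarted.
Fix 20: This issue is fixed after applying this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 21: [VRTS-4792]
Engine files or pattern files that InterScan downloads from a local update server have a directory traversal vulnerability.
Fix 21: After applying this release, the Trend Micro update module is updated and this issue is fixed.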
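The decode mismatch described for Issue 3 [SEG-58468], as an added example that is not Trend Micro's code: a UTF-8 attachment file name is Base64-encoded into an RFC 2047 encoded-word, then decoded once with the declared charset and once with a fixed multibyte code page. The Hebrew sample name, the function names and the choice of `cp932` as the legacy code page are assumptions made for the illustration.

```python
import base64
import re
from typing import Optional

# RFC 2047 encoded-word with Base64 ("B") encoding: =?charset?B?payload?=
ENCODED_WORD = re.compile(r"=\?([^?]+)\?[bB]\?([A-Za-z0-9+/=]*)\?=")


def encode_filename(name: str) -> str:
    """Sender side: UTF-8 bytes of the name, Base64-encoded into an encoded-word."""
    payload = base64.b64encode(name.encode("utf-8")).decode("ascii")
    return f"=?UTF-8?B?{payload}?="


def decode_filename(word: str, force_codec: Optional[str] = None) -> str:
    """Receiver side.

    With force_codec=None the declared charset is honoured (the fixed behaviour).
    Passing force_codec simulates a decoder that ignores the declared charset
    and treats the bytes as a local multibyte code page (the buggy behaviour).
    """
    match = ENCODED_WORD.fullmatch(word)
    if match is None:
        return word  # not an encoded-word: plain ASCII name, nothing to decode
    charset, payload = match.groups()
    raw = base64.b64decode(payload, validate=True)
    return raw.decode(force_codec or charset, errors="replace")


def compare_decoders(name: str, legacy_codec: str = "cp932") -> dict:
    """Round-trip a name through both decoders and report which one preserves it."""
    word = encode_filename(name)
    correct = decode_filename(word)
    legacy = decode_filename(word, force_codec=legacy_codec)
    return {
        "encoded": word,
        "correct": correct,
        "legacy": legacy,
        "correct_ok": correct == name,
        "legacy_ok": legacy == name,
    }


# Constructed sample: three Hebrew letters plus an ASCII extension.
SAMPLE_NAME = "\u05d3\u05d5\u05d7.pdf"

if __name__ == "__main__":
    for key, value in compare_decoders(SAMPLE_NAME).items():
        print(f"{key}: {value!r}")
    # ASCII-only names survive either decoder, which is why a bug of this kind
    # only shows up for non-ASCII file names.
    print(compare_decoders("report.pdf")["legacy_ok"])
```
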
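Virus Buster Cloud Program Update Notice: Support Information: Trend Micro
Program version 12 (version number: 12.x.xxxx)
* You can check how to confirm the program version on the following Product Q&A page.
https://helpcenter.trendmicro.com/ja-JP/article/TMKA-17981/
■Scheduled Release Date
Wednesday, August 19, 2020
■How to Obtain
Starting on the scheduled release date above, this program update will be distributed progressively to environments where Virus Buster Cloud is installed.
After the program update, you may be asked to restart the computer.
■Main Changes
Cumulative fixes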
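Virus Buster for Mac Program Update Notice: Support Information: Trend Micro
A program update will be carried out for customers using Virus Buster for Mac.
■Target Products
Virus Buster for Mac (including the monthly edition), program version 10 (version number: 10.x.xxxx)
* You can check how to confirm the program version on the following Product Q&A page.
https://helpcenter.trendmicro.com/ja-jp/article/TMKA-19220
■Scheduled Release Date
Thursday, August 20, 2020
■How to Obtain
Starting on the scheduled release date above, this program update will be distributed progressively to environments where Virus Buster for Mac or the Virus Buster for Mac single-device edition is installed.
After the program update, Virus Buster for Mac will be restarted.
■Main Changes
Cumulative fixes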
Chrome
- Second security update this month for desktop "Google Chrome 84" - 窓の杜
- [Security News] "Chrome 84.0.4147.135" released, fixing one vulnerability (page 1 of 1): Security NEXT
- Google Releases Security Updates for Chrome | CISA
- Beware of dangerous "mixed forms": warnings start with "Google Chrome 86" - 窓の杜
- Vulnerability in "Chrome 84", Google releases an update - ITmedia Enterprise
Release notes of 5.2.1 (44040.0816)
General features
- Allow Host to unmute participants using pre-approved consent
Chat features
- Admin control of who (internal/external) can add more members to a channel
Phone features
- Highlight text to dial
- Inbound call notification for internal safety response team
Resolved Issues
- Call queue continues routing calls to users after sign-out
- Minor bug fixes
Resolved issues
- When there was a Log Inspection database corruption issue, it did not affect the Log Inspection status on the Deep Security Manager. SEG-77081/02984526/DSSEG-5726
- There was a rights issue with Scheduled Tasks that caused incorrect behaviors to occur when creating them. SEG-78610/SF03320936/DSSEG-5752
- Imported VMs in vCloud were unable to activate. SEG-75542/03189161/DSSEG-5813
- Upgrading to Deep Security Manager 12 was blocked if you installed Deep Security Virtual Appliance into NSX-V 6.4.7 on ESXi 7.0. SEG-82636/SEG-82637/DSSEG-5926
- The Computer Status widget on Deep Security Manager's dashboard did not display the correct number of managed computers. SEG-80171/03189161/DSSEG-5885
What's new in Deep Security Manager? | Deep Security
Security updates
Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-5814/VRTS-4652/03296737/DSSEG-5772
- CVSS Score: 9.8
- Severity: Critical
Enhancements
- You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents > Data Privacy and selecting No. SF03237033/DSSEG-6017
Resolved issues
- When Anti-Malware real-time scans were enabled in Linux, sometimes the system crashed because buffers from procfs were not validated. SEG-80183/DSSEG-5884
- Application Control sometimes blocked applications that should have been allowed as they were created by a trusted updater. SEG-77446/03206632/DSSEG-5840
- Agent self-protection did not protect Deep Security Notifier. SEG-76015/SF03168155/DSSEG-5920
- When a Deep Security Agent was deactivated, the Anti-Malware module's language was switched to English. When the Deep Security agent was reactivated in Japanese, this sometimes caused the Anti-Malware component update to fail. SEG-79963/03184072/DSSEG-5811
- When a re-transmission packet with new packets was sent, it sometimes produced an "Unsupported SSL Version" Intrusion Prevention event. /DSSEG-5879
- When there was a Log Inspection database corruption issue, it did not affect the Log Inspection status on the Deep Security Manager. SEG-77081/02984526/DSSEG-5726
- Deep Security Manager reported a security update timeout because Deep Security Agent received exceptions as security updates. SEG-82072/03273761/DSSEG-5953
- Deep Security Agent detected false file change events due to the setuid/setgid formatting. The agent also generated false file attribute changes in /usr/bin following an upgrade, which was caused by the file creation time change. /DSSEG-5928
- When "Serve Application Control rulesets from relays" was enabled, unnecessary relay error events occurred. /DSSEG-5988
- When the Kerberos cache file was deleted and re-added, a lot of "User Added" and "User Deleted" Integrity Monitoring events occurred. SEG-80629/03402557/DSSEG-5981
What's new in Deep Security Agent? | Deep Security
Security updates
Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-5255
- CVSS score: 7.8
- Severity: High
- Updated to curl 7.67.0.
- Updated to openssl-1.0.2t.
Enhancements
- You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents > Data Privacy and selecting No. SF03237033/DSSEG-6017
Resolved issues
- Application Control sometimes blocked applications that should have been allowed as they were created by a trusted updater. SEG-77446/03206632/DSSEG-5840
- Agent self-protection did not protect Deep Security Notifier. SEG-76015/SF03168155/DSSEG-5920
- When a Deep Security Agent was deactivated, the Anti-Malware module's language was switched to English. When the Deep Security Agent was reactivated in Japanese, this sometimes caused the Anti-Malware component update to fail. SEG-79963/03184072/DSSEG-5811
- Deep Security Manager reported a security update timeout because Deep Security Agent received exceptions at security updates. SEG-82072/03273761/DSSEG-5953
- Deep Security Agent detected false file change events due to the setuid/setgid formatting. The agent also generated false file attribute changes in /usr/bin following an upgrade, which was caused by the file creation time change. /DSSEG-5928
- When "Serve Application Control rulesets from relays" was enabled, unnecessary relay error events occurred. /DSSEG-5988
- On Solaris 10 servers with Deep Security Agent and debug logs enabled for Anti-Malware, the Deep Security Agent process sometimes encountered an abnormal restart. SEG-80989/SF03420394/DSSEG-5880
- When the Kerberos cache file was deleted and re-added, a lot of "User Added" and "User Deleted" Integrity Monitoring events occurred. SEG-80629/03402557/DSSEG-5981
What's new in Deep Security Agent? | Deep Security
Security updates
Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases.
- CVSS score: 7.8
- Severity: High
- Updated to curl 7.67.0.
- Updated to openssl-1.0.2t.
Enhancements
- You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents > Data Privacy and selecting No. SF03237033/DSSEG-6017
Resolved issues
- Application Control sometimes blocked applications that should have been allowed as they were created by a trusted updater. SEG-77446/03206632/DSSEG-5840
- Agent self-protection did not protect Deep Security Notifier. SEG-76015/SF03168155/DSSEG-5920
- When a Deep Security Agent was deactivated, the Anti-Malware module's language was switched to English. When the Deep Security agent was reactivated in Japanese, this sometimes caused the Anti-Malware component update to fail. SEG-79963/03184072/DSSEG-5811
- When a re-transmission packet with new packets was sent, it sometimes produced an "Unsupported SSL Version" Intrusion Prevention event. /DSSEG-5879
- When there was a Log Inspection database corruption issue, it did not affect the Log Inspection status on the Deep Security Manager. SEG-77081/02984526/DSSEG-5726
- Deep Security Manager reported a security update timeout because Deep Security Agent received exceptions at security updates. SEG-82072/03273761/DSSEG-5953
- When "Serve Application Control rulesets from relays" was enabled, unnecessary relay error events occurred. /DSSEG-5988
- When the Kerberos cache file was deleted and re-added, a lot of "User Added" and "User Deleted" Integrity Monitoring events occurred. SEG-80629/03402557/DSSEG-5981
What's new in Deep Security Agent? | Deep Security
Security updates
Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases.
- CVSS score: 7.8
- Severity: High
- Updated to curl 7.67.0.
- Updated to openssl-1.0.2t.
Release Date: August 19, 2020
CVE Identifier(s): CVE-2020-8602, CVE-2020-15601
Platform(s): Windows
CVSS 3.1 Score(s): 7.2 and 8.1
Severity Rating(s): High
Trend Micro has released new patches for Trend Micro Deep Security Manager and Trend Micro Vulnerability Protection. These patches resolve two security issues which, in certain circumstances, could impact the confidentiality, integrity and availability of the management console.

| PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
| --- | --- | --- | --- |
| Deep Security Manager* | Version 12.0 | Windows | English |
| | Version 11.0 | Windows | English |
| | Version 10.0 | Windows | English |
| Vulnerability Protection | Version 2.0 SP2 | Windows | English |

Fixed Versions

| PRODUCT | UPDATED VERSION | Update Date | PLATFORM | AVAILABILITY |
| --- | --- | --- | --- | --- |
| Deep Security Manager | Version 12.0 U11 | August 19, 2020 | Windows | Now Available |
| | Version 11.0 U22 | July 15, 2020 | Windows | Now Available |
| | Version 10.0 U27 | August 7, 2020 | Windows | Now Available |
| Vulnerability Protection | Version 2.0 SP2 Patch7 CP5 | August 12, 2020 | Windows | Now Available |
Vulnerability Details
CVE-2020-8602: Deep Security Manager and Vulnerability Protection Integrity Verification Bypass
CVSSv3.1: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
A vulnerability in the affected products' management console may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.
CVE-2020-15601: Deep Security Manager and Vulnerability Protection LDAP Authentication Bypass
CVSSv3.1: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
If LDAP authentication is enabled, an unauthenticated attacker with prior knowledge of the targeted organization may be able to bypass manager authentication.
Enabling multi-factor authentication prevents this attack.
Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.
1. About Deep Security 9.6 Service Pack 1 Patch 1 Update 27
========================================================================

1.1 Overview of This Release
=====================================================================
Deep Security Agent 9.6 Service Pack 1 Patch 1 Update 27 contains no feature enhancements and no bug fixes.
For a list of the major changes in Deep Security 9.6 Service Pack 1 Patch 1 Update 27, please see the "What's New" section of the Installation Guides, which are available for download from the Trend Micro Download Center.

1.2 Who Should Install This Release
=====================================================================
You should install this release if you are currently running Deep Security 9.0 SP1 Patch 5, 9.5 SP1 Patch 2, or 9.6. All new Deep Security users should install Deep Security 9.6 Service Pack 1 Patch 1 Update 27.

2. What's New
========================================================================

2.1 Enhancements
=====================================================================
There are no enhancements in this release.

2.2 Resolved Known Issues
=====================================================================
There are no issues fixed in this release.

2.3 Security Updates
=====================================================================
[DSSEG-5693]
Security updates are included in this release. For more information about how we protect against vulnerabilities, visit https://success.trendmicro.com/vulnerability-response. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases.
7. Known Issues
========================================================================
- On Windows 2000, Deep Security Agent will encounter "network driver installation failed" messages if the Microsoft and Symantec VeriSign Root Certificate is not updated to the latest version on the host machines. For details, see: http://intkb.trendmicro.com/solution/en-us/1119983.aspx [DSSEG-2376]
- On Windows 2000, the Deep Security Agent service cannot start automatically after rebooting due to a default service timeout of 30 seconds. [DS-21251]
- When the agent is installed on Windows 2000, Deep Security Manager may display "Managed (offline)" for the agent when enabling the Firewall and/or Intrusion Prevention modules because network connectivity is interrupted while a driver is installed. Users can wait for network connectivity to be restored, click "Clear Warnings/Errors" for the computer, and then click "Check Status". [DSSEG-2374]
- In rare circumstances, when enabling Anti-Malware feature on Deep Security Agent running on Windows XP, the AMSP service installation may fail with the error message "AMSP error code (0x20ff0000)". As a workaround, reinstall the Deep Security Agent. [29436]
- On Windows 32-bit platforms, there is a configuration limit of 20MB because of the smaller kernel memory available on these platforms. The event "Agent configuration package too large" may appear if there are too many rules enabled on the Deep Security policy being assigned. This may be fixed by trimming down the Intrusion Prevention rules strictly to Recommended for Assignment only. [27162]
- If the Integrity monitoring feature in Combined Mode is disabled, the Deep Security Notifier status will display it as Not Capable instead of Not Configured. [29403]
- Deep Security Azure Connector does not identify virtual machines created by Azure Resource Manager a.k.a ARM VM (v2). DSA installed in ARM VM will not be included in Azure connector but in the normal computer list. This limitation will have no impact on security features provided by Deep Security. [29630]
- Deep Security Agent could not convert shift-jis encoded characters to UTF-8. Therefore, any folders named with shift-jis encoding will be skipped during Integrity Monitoring scanning. [28879]
- If agentless Anti-Malware real-time protection is turned off, the Notifier will not get any status updates from the Appliance. It will then turn off Antivirus protection in the Windows Action Center. [29230/29574]
- When you deactivate the Deep Security Virtual Appliance or agentless protection, the Notifier will not be able to get any status from the Deep Security Virtual Appliance. The Notifier knows that anti-malware is not working so it will turn it off in the Windows Action Center. It does not know the status of the firewall so it will leave the firewall status in the Windows Action center in its last known state. [29230/29574]
- The Deep Security Notifier installed in the virtual machines should be upgraded to 9.6 Service Pack 1 Patch 1 Update 4 to correctly display the status of protection in 9.6 Service Pack 1 Patch 1 Update 4, especially when using Combined Mode. [28557]
- Deep Security does not support switching the Windows 2012 server mode between Server Core and Full (GUI) modes after the Deep Security Agent is installed. [28481]
- If you are using Server Core mode in a Hyper-V environment, you will need to use Hyper-V Manager to remotely manage the Server Core computer from another computer. When the Server Core computer has the Deep Security Agent installed and Firewall enabled, the Firewall will block the remote management connection. To manage the Server Core computer remotely, turn off the Firewall module. [28481]
- Hyper-V provides a migration function used to move a guest VM from one Hyper-V server to another. The Deep Security Firewall module will block the connection between Hyper-V servers, so you will need to turn off the Firewall module to use the migration function. [28481]
- Deep Security Agent does not support scanning a mounted network folder (SMB) on the following Windows platforms: [22016]
  - Windows 2016 Server (64-bit)
  - Windows 2012 Server R2 (64-bit)
  - Windows 2012 Server (64-bit)
  - Windows 10 (32/64-bit)
  - Windows 8.1 (32/64-bit)
  - Windows 8 (32/64-bit)
- Deep Security Notifier when using agentless protection in NSX environment will not work if only WRS feature is turned on. Agentless anti-malware must be enabled for Deep Security Notifier to work. [22210]
- The Relay feature uses TCP port 4122. When enabling the Relay feature, make sure TCP port 4122 is allowed in any firewall being used. [22749]
- Relay feature is not supported on Windows XP. [17729]
- The Deep Security Agent anti-malware files and folder might not get removed on upgraded 9.0 to 9.5 Agents when uninstall is performed. This only happens when anti-malware feature is enabled then disabled in 9.0 before upgrading to 9.5 and the anti-malware feature was never enabled in 9.5 before uninstalling. When this happens, follow manual uninstall procedures in http://esupport.trendmicro.com/solution/en-US/1096150.aspx to completely uninstall. [21716]
- Some Anti-Malware events are not generated when using Windows built-in decompress tool on Windows Vista and later versions. This issue will not happen when using 3rd party decompress tool. [23055]
- Windows Add/Remove Programs or Programs and Features doesn't show the exact version of the Deep Security Agent. Deep Security Agent version consists of major.minor.sp-build but Windows only show them as major.minor.build. [21990]
- CPU usage control in Scan for Integrity may not work after a reboot. Rebuild Integrity Baseline or reactivation will fix this. [20725/20563]
- During anti-malware realtime scan, Deep Security Agent may sometimes produce multiple Delete Failed events even when the deletion was successful. This rarely occurs but it happens when the file is being locked by other process temporarily. [23520]
- When upgrading Deep Security Agent on Windows 2012, an error message saying "Service 'Trend Micro Deep Security Agent'(ds_agent) could not be installed. Verify that you have sufficient privileges to install system services." may appear. This may be fixed by running Windows Update troubleshooter in http://support.microsoft.com/kb/910336. [23728]
- Deep Security Notifier will show the status of Intrusion Prevention as Not Configured if the IPS has no rules assigned even if it's On. [22938]
- Some security components of Deep Security Agent with Relay feature enabled may get removed unexpectedly after an update. As a workaround, retry the security update. [24004]
- Upgrading to Deep Security Agent 9.5 or 9.6 Patch 1 by running a deployment script on an AWS instance that already has Deep Security Agent 9.0 will not work. Deep Security Agent upgrade must be done from the Deep Security Manager. [25598]
- After Deep Security Agent upgrade, the event "Abnormal Restart Detected" may appear. The upgrade is not affected by this event and may be safely ignored. Do Clear Warnings and Errors and perform a Check Status to reflect the actual status of the Agent. [26619]
- In some cases, a laptop computer has the "Microsoft Virtual Wi-Fi Miniport Adapter" option enabled. Such devices, used for creating Wi-Fi hotspots (ad hoc networks) through the wireless adapter, would enable both the real device for the true wireless connection and the "Microsoft Virtual Wi-Fi Miniport Adapter" for the ad hoc connections, with the same MAC address. This triggers Deep Security Agent on such laptop computers to request for an interface update on every heartbeat. [17502]
- In a cloud provider environment, if the "Enable regular synchronization with Cloud Provider" option is disabled, changing the Deep Security Agent hostname will disrupt the communication between Deep Security Manager and Deep Security Agent. Trend Micro strongly recommends keeping the "Enable regular synchronization with Cloud Provider" option ON. [15608]
- On Windows 2008 and Windows Server 2012, after installing Deep Security Manager with a co-located Relay, the Deep Security Notifier icon does not automatically show up in the Windows notification area. However, Deep Security Notifier will still work. Users need to re-launch Deep Security Notifier from the "Start" menu or restart the system. [17533]
- The following system event log appears when you install Deep Security Agent on the Windows Vista, Windows 2008, or Windows 7 platform: "The Trend Micro Deep Security Agent service is marked as an interactive service. However, the system is configured not allow interactive services. This service may not function properly." This is a normal warning on Windows Vista or higher Windows versions. On these platforms, Windows does not allow services to interact with the user's desktop, so the operating system displays the warning when Deep Security Agent tries to use interactive services. This desktop interaction feature is used by the Deep Security Agent to provide the restart notice on pre-Vista versions of Windows. The warning message can be safely ignored. [Deep Security 8.0 Tier 2-00253]
- In Windows Vista and higher releases, sometimes, you will encounter problems while upgrading the Deep Security Agent. The problem is related to the timing of the VC RTL assemblies being published to WinSxS, but it only seems to cause trouble on Vista or higher and only if the version of the RTL is not changing. The root cause is some corrupted Windows components.
To work around this, you can either run the Windows System File Checker (sfc.exe) to repair the operating system, or install the Microsoft Visual C++ Redistributable Package from the following URL before starting the upgrade procedure again. http://www.microsoft.com/download/en/details.aspx?id=26347 After installing the package from Microsoft, you should restart the computer or else the upgrade may still fail. To recover from this, you can install the package, re-run the installer and restart the computer. [Deep Security 8.0-01044] - Intrusion Prevention (DPI) is not supported over SSL connections when using IPv6. - On Windows XP, you may encounter a "Fatal Error During Installation." message if you attempt to uninstall the Deep Security Agent through the "Add/Remove programs" page while the Agent's "Self Protection" function is enabled. This message comes from Windows indicating that the uninstall did not proceed because self-protection is enabled. It is not a Deep Security error. [Deep Security 8.0-00410] - When running an Anti-Malware Manual Scan with Smart Scan enabled, if the Deep Security Agent cannot contact the Smart Scan server, the resulting error event will indicate a "Real-Time" scan type instead of "Manual". [Deep Security 8.0 Tier 2-00024] - If network connectivity is lost for an extended period of time during a Deep Security Agent upgrade, you may need to restart the host machine. - It is possible that NDIS drivers will stop responding during Deep Security Agent installation or uninstallation if they do not properly free packets when requested to unbind. Deep Security Agent with NDIS 5.1 or NDIS 6.0 driver can free all packets correctly before upgrading or uninstalling. However, when installing or uninstalling NDIS drivers, Microsoft requires that all NDIS drivers be unbound and then rebound. 
This means that if other third-party NDIS drivers do not properly free packets, it is still possible for the Deep Security Agent install, upgrade, or uninstall process to stop responding. This is beyond Trend Micro's control and will only happen rarely. If this does occur then you can restart the computer and try to install, uninstall, or upgrade Deep Security Agent again. - Log Inspection Event logs are limited to 6000 characters. - When the network engine is working in TAP mode and the in-guest Agent is offline, the Deep Security Virtual Appliance status will display "Stand By". But, Deep Security Virtual Appliance is actually online and IP/FW events logs are still generated as rules are triggered. [10948]

2. What's New
========================================================================

2.1 Enhancements
=====================================================================
There are no enhancements in this release.

2.2 Resolved Known Issues
=====================================================================
This release resolves the following issue(s):

2.3 Security Updates
=====================================================================
[DSSEG-5775/DSSEG-5889/DSSEG-5537/DSSEG-5905]
Security updates are included in this release. For more information about how we protect against vulnerabilities, visit https://success.trendmicro.com/vulnerability-response. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases.

Highest CVSS Score: 9.8
Highest Severity: Critical
- Updated JRE to the latest Critical Patch Update release (8.0.251)
CVSS Score: 5.3
- Upgraded Apache Tomcat to 8.5.53.

6. Known Incompatibilities
========================================================================
- Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 27 does not support version 8.0 and earlier versions of Deep Security Virtual Appliance and Deep Security Agent.
- When adding vCloud in this version of Deep Security, only agentless Anti-Malware and Integrity Monitoring in vCNS is supported and must be added only to the tenants. NSX, Combined Mode and adding vCloud to the primary tenant is not supported.

7. Known Issues
========================================================================
- Some platforms (e.g. Linux) do not distinguish network interfaces at the packet level, when they are connected to the same network. When enabling "Policy -> Interface Types -> Rules can apply to specific interfaces" on these platforms, firewall policies that attempt to distinguish between network interfaces connected to the same network will result in only one of the policies being applied. [29543]
- The Trusted Platform Module (TPM) monitoring does not work on vSphere 6 environment. When enabled, the event "The vCenter sent empty or unreliable TPM information that has been ignored. This is only an issue if the problem persists" will appear. In rare circumstances, the value may also be unreliable on vSphere 5.5 environment. VMware is already investigating this issue. [29268/27166]
- When doing vMotion of many simultaneous VMs, some of the VMs may appear as Anti-Malware Engine Offline after they move to the new host. This occurs because the DSM checked the status of the VMs during heartbeat before the vMotion finished. Doing another check status or waiting for the next heartbeat will fix the status. [28825]
- Deep Security Azure Connector does not identify virtual machines created by Azure Resource Manager a.k.a ARM VM (v2). DSA installed in ARM VM will not be included in Azure connector but in normal computer list. This limitation will have no impact on security features provided by Deep Security. [29630]
- If vMotion occurs while Anti-Malware scan is happening, there is a possibility that the scan will not continue after moving from one Agentless protected host to another. If you see an event saying "Manual Malware Scan Failure" or if you see a "Manual Malware Scan Started" without a corresponding "Manual Malware Scan Completed", then this means that the scan has stopped and did not finish. [28059]
- During the upgrade process after removing the Filter Driver, Deep Security Manager 9.6 Patch 1 will display "Intrusion Prevention Engine Offline and Firewall Engine Offline" regardless of policy until the Deep Security Virtual Appliance is upgraded to version 9.6 Patch 1. [28992]
- If the Deep Security Relay is down during deployment of Deep Security Virtual Appliance, it will fail to upgrade to version 9.6 and will cause the vShield Endpoint to not register. Even after the Deep Security Virtual Appliance upgrade becomes successful, the vShield Endpoint will remain in a Not Registered state. Reactivating the Deep Security Virtual Appliance will resolve this issue. [28712]
- If agentless Anti-Malware real-time protection is turned off, the notifier will not get any status updates from the appliance. It will then turn off Antivirus protection in the Windows Action Center. [29230/29574]
- When you deactivate the Deep Security Virtual Appliance or agentless protection, the notifier will not be able to get any status from the Deep Security Virtual Appliance. The notifier knows that Anti-Malware is not working so it will turn it off in the Windows Action Center. It does not know the status of the firewall so it will leave the firewall status in the Windows Action Center in its last known state. [29230/29574]
- Due to the lack of support of a cipher suite, Microsoft Windows XP and 2003 are no longer able to download the Deep Security Agent using a standard deployment script. As a workaround, put the agent package on a web server and modify the deployment script to download it from the new location rather than from the Deep Security Manager. (DSSEG-1237)
- The CPU Usage (Agent only) setting under Manual and Scheduled Scan Configuration in the Deep Security Manager console is not working on SUSE 10 SP3 and SP4. [20717]
- Agentless protection is not supported in ESX 5.1 with NSX. ESX 5.5, VCenter 5.5 and NSX Manager 6.0.5 are the minimum requirements for agentless protection. [22062]
- Excluding a folder in Anti-Malware agentless protection would also exclude folders that start with the same folder name. For example, excluding c:\temp also excludes c:\temp1 and c:\temp2 from Anti-Malware scanning. [22037]
- Anti-Malware, Web Reputation, Integrity Monitoring, and Log Inspection should not be enabled on the policy that is assigned to the Deep Security Virtual Appliance itself. These features are not supported when applied to the Deep Security Virtual Appliance and may produce error events. [21250]
- It can take up to 30 minutes before the appliance is ready for deployment through NSX Manager after importing the Deep Security Virtual Appliance package to the DSM. Deploying the appliance before the package is in place at <DSM Install Directory>\temp would result in failure. [23150]
- The Deep Security Manager will display the platform of CentOS machines as Red Hat. This is because the agent package used in CentOS and Red Hat are the same and labeled as Red Hat agent package. [21674/25156]
- Location awareness will not work on pure IPv6 environment. [12776]
- Infected file will still appear in Quarantined Files list even if the Anti-Malware Event says Quarantine Failed. [21620]
- In the computer updates page, DSM will show Smart Scan Agent Pattern, Spyware Active Monitoring Pattern and Virus pattern in Deep Security Agent for Linux regardless of the scan mode. [21829]
- Software update using IPv6 is currently not supported by Trend Micro download center. [25937]
- Deep Security Agent running on SUSE in Azure cloud will not be managed under Azure cloud account in the Deep Security Manager. The agent will appear under normal computers list. [26499]
- After Deep Security Agent upgrade, the event "Abnormal Restart Detected" may appear. The upgrade is not affected by this event and may be safely ignored. Do Clear Warnings and Errors and perform a Check Status to reflect the actual status of the agent. [26619]
- The Out of Sync relays hyperlink displays the correct count but clicking the link will display both out of date computers and relays. [23418/21042]
- In NSX 6.1.2 and earlier, if more than one NSX Security Group is defined and applied to the NSX Security Policy that contains Deep Security Services, any un-applying of the policy will not be reflected in Deep Security Manager with respect to NSX Security Group membership. [25304]
- In NSX 6.1.1 and earlier, if you remove the Deep Security Services from an NSX Security Policy, it will not be reflected in Deep Security Manager with respect to NSX Security Group membership. [25303]
- Deep Security Manager does not support installation paths that contain special characters (non-alphabet and non-numeric characters). The same restriction also applies to the database name and/or database account used by Deep Security Manager. [16708]
- When a user runs Agent-initiated recommendation scan using the "dsa_control -m RecommendationScan:true" command, no system event related to recommendation scan is recorded.
- In rare situations, Deep Security Manager may not correctly identify the status of the EPsec Driver installed on an ESXi. When you activate an Appliance, if Deep Security Manager does not identify the correct status of vShield Endpoint, it will not register with the vShield Manager. If Deep Security Manager gives you this warning, perform a full "Synchronize" with your vCenter and it will update the current installation status of all drivers on all ESXi(s) in the environment. [17636]
- In Multi-Tenant installations, the Primary tenant Deep Security Manager may cause "Reconnaissance Detected: Network or Port Scan" alerts on Tenants' Deep Security Managers. To avoid these alerts, Tenants can manually add the Primary Tenant's Deep Security Manager IP address to the "Ignore Reconnaissance" IP list. (Policies > Common Objects > Lists > IP Lists). [17175]
- In rare cases, adding a vCloud or AWS Cloud Account in Deep Security Manager can result in the creation of two identical Cloud Accounts. If this occurs, either one of the two accounts can be safely removed. [17280/17051]
- In a cloud provider environment if the "Enable regular synchronization with Cloud Provider" option is disabled, changing the Deep Security Agent hostname will disrupt the communication between Deep Security Manager and Deep Security Agent. Trend Micro strongly recommends keeping the "Enable regular synchronization with Cloud Provider" option ON. [15608]
- If the Manager node(s) and the Database are installed on machines with synchronized clocks but configured for different time-zones, an error indicating that the clocks are not synchronized will be triggered incorrectly. [17100]
- On Windows 2008 and Server 2012 systems, after installing the Deep Security Manager with a co-located Relay, the Deep Security Notifier icon does not automatically appear in the Windows notification area. However, the Deep Security Notifier will still function. Users need to re-launch the Deep Security Notifier from the "Start" menu or restart the system. [17533]
- When using Deep Security in iCRC mode, a DNS server must be available. If a DNS server is unavailable the Anti-Malware feature of the Deep Security Virtual Appliance may not function correctly. [Deep Security 8.0-01169]
- Deep Security Manager does not support License updates or connecting to the Trend Micro Certified Safe Software Service using a SOCKS5 proxy. To use these two features, use an HTTP proxy. [Deep Security 8.0-1024]
- In certain cases, when attempting to use the dsm_s stop command on Linux to stop the Deep Security Manager service, you may get the following message: "Timeout. Daemon did not shutdown yet." Dsm_s is based on install4j whose timeout value is 15 seconds, which cannot be changed. The Deep Security Manager may require longer than this to shut down. To ensure the service has been shut down run the "ps -ef | grep DSMService" command before using the dsm_s stop command. [Deep Security 8.0-00095]
- Air-gapped Relays will still try to contact an Update Server to check for Updates. To avoid update failure alerts, set the Relay to use itself as an update source:
    1. In the Relay's "Details" window, go to "System > System Settings > Updates".
    2. In the "Relays" area, select "Other Update Source:" and add "https://localhost:4122".
    3. Click "Save".
  [Deep Security 8.0-01124]
- If an ESXi with an installed vShield Endpoint driver is removed from its vCenter, Deep Security Manager cannot detect the installed driver if the ESXi is later re-added to the vCenter. This will cause any newly Deep Security Virtual Appliance-protected virtual machines to not have Anti-Malware enabled. The workaround is to uninstall and reinstall the driver through the VSM. [Deep Security 8.0-01036]
- Intrusion Prevention is not supported over SSL connections when using IPv6.
- The Anti-Malware scan inclusion/exclusion directory settings are sensitive to forward slash "/" and backslash "\". For use with Windows operating systems the inclusion/exclusion paths must use the backslash "\". [7.5 SP1-00231]
- When creating custom Integrity Monitoring Rules using the "RegistryKeySet" tag, the attribute values must be in uppercase letters. For example, <RegistryKeySet base="HKLM\SOFTWARE">. Using lowercase may result in an "Integrity Monitoring Rule Compile Issue" error. [7.5 SP1-00171]
- Malware scans of network shared folders are only supported using real-time scan. Manual scans or scheduled scans will not work. [7.5-00012]
- If a CD or a mounted ISO file contains malware and the Anti-Malware configuration is set to "Delete" upon detection, Deep Security Manager will still report that the malware was "deleted" even if it was unable to do so. [7.5-00010]
- Deep Security Manager cannot display an incorrect filename event in the Anti-Malware Event if the malware was found in the "Recycle Bin". [7.5-00023]
- During an upgrade, the Deep Security Manager service may not be able to install properly on some platforms if the "Services" screen is open. To work around this, make sure the "Services" screen is closed prior to installation or upgrade of Deep Security Manager.
- If you receive a "java.lang.OutOfMemoryError" error during the installation of Deep Security Manager, please refer to the "Installation Guide" for instructions on how to configure the maximum memory usage for the installer.
- During an upgrade, if you receive a message stating that the Deep Security Manager cannot start the service, restarting Deep Security Manager usually fixes the problem. In rare cases, you may have to run the installer again in Upgrade/Repair mode after restarting.
- If Windows Firewall is enabled on Deep Security Manager, it may interfere with port scans causing false port scan results. Windows Firewall may proxy ports 21, 389, 1002, and 1720 resulting in these ports always appearing open regardless of any filter placed on the computer.
- By default Exchange 2000 and later servers will dynamically assign a non-privileged port (1024-65535) for communications between the client and the server for the System Attendant, Information Store, and Name Service Provider Interface (NSPI) services. If you will be using the Microsoft Exchange Server profile with an Exchange 2000 or later server then you should configure these services to use static ports as described in the article "Exchange 2000 and Exchange 2003 static port mappings" (http://support.microsoft.com/?kbid=270836). Once static ports have been configured you should extend the appropriate Exchange Server port list to include the ports that have been assigned to these services. You may also want to set the "No RFR Service" registry setting to "1" to prevent the Exchange server from referring clients to the domain controller for address book information. See the article "How Outlook 2000 Accesses Active Directory" (http://support.microsoft.com/?kbid=302914) for more information. Alternatively, it is possible to configure Exchange RPC to run over HTTPS if you are using Outlook 2003 on Windows XP Service Pack 1 or later with Exchange Server 2003. In this case only port 443 needs to be added to the Exchange port list.
- The "Recommendation" Alert may remain raised on some computers even after all recommended Intrusion Prevention, Integrity and Log Inspection Rules appear to have been applied. This can occur because even though an "Application Type" may be recommended for a computer, the "Application Type" will not be displayed in the "Show Recommended" view if no Intrusion Prevention Rules associated with Application Type are currently recommended. To resolve the situation, use the "Show All" view of the Intrusion Prevention Rules screen and assign all recommended "Application Types" (even if no associated Rules are currently recommended). Alternatively, you can just dismiss the alert after verifying that you have assigned all recommended rules to the computer. [8345]
- When an Appliance-protected VM is migrated from one Appliance-protected ESXi to another, and if that virtual machine currently has warnings or errors associated with it (for example "Reconnaissance Detected"), those errors may incorrectly get cleared during the migration. [10602]
- Log Inspection Events have a size limitation of 6000 characters.
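
The folder-exclusion known issue above ([22037]) can be checked against a folder inventory to see which folders an exclusion entry leaves unscanned by accident. This is an added example, not Trend Micro code: it models the described behaviour as a case-insensitive string-prefix match (an assumption), and the function names and the sample folder list are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Constructed sample inventory of folders on a protected Windows guest.
SAMPLE_FOLDERS = [
    r"c:\temp",
    r"c:\temp\cache",
    r"c:\temp1",
    r"C:\Temp2\drop",
    r"c:\templates",
    r"d:\temp1",
    r"c:\data",
]


def _norm(path):
    # For comparison only: PureWindowsPath folds "/" into "\" and drops a
    # trailing separator; Windows paths compare case-insensitively.
    return str(PureWindowsPath(path)).lower()


def intended_match(folder, exclusion):
    """True when folder is the excluded folder itself or lies beneath it."""
    f = PureWindowsPath(_norm(folder))
    e = PureWindowsPath(_norm(exclusion))
    return f == e or e in f.parents


def prefix_match(folder, exclusion):
    """Assumed model of issue [22037]: the exclusion acts as a string prefix."""
    return _norm(folder).startswith(_norm(exclusion))


def collateral_exclusions(folders, exclusions):
    """Map each exclusion to the folders skipped only by the prefix match."""
    report = {}
    for exc in exclusions:
        hits = [
            f for f in folders
            if prefix_match(f, exc) and not intended_match(f, exc)
        ]
        if hits:
            report[exc] = sorted(hits, key=str.lower)
    return report


if __name__ == "__main__":
    for exc, hits in collateral_exclusions(SAMPLE_FOLDERS, [r"c:\temp"]).items():
        print(f"exclusion {exc} also hides:")
        for folder in hits:
            print(f"  {folder}")
```

Folders reported here need another control (for example an in-guest scan) or a renamed exclusion target, since the exclusion entry alone cannot tell them apart from the intended folder.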