ブラッディ・マンデイ｜ドラマ｜TBS CS［TBSチャンネル］

9/21(月)午前11:00〜午後10:00[全話一挙放送]

ブラッディ・マンデイ シーズン2｜ドラマ｜TBS CS［TBSチャンネル］

9/22(火)午前11:00〜午後8:00[全話一挙放送]

Deep Security Manager 12.0 update 12

Resolved issues

• When there was a Log Inspection database corruption issue, it did not affect the Log Inspection status on the Deep Security Manager. SEG-77081/02984526/DSSEG-5726
• There was a rights issue with Scheduled Tasks that caused incorrect behaviors to occur when creating them. SEG-78610/SF03320936/DSSEG-5752
• Imported VMs in vCloud were unable to activate. SEG-75542/03189161/DSSEG-5813
• Upgrading to Deep Security Manager 12 was blocked if you installed Deep Security Virtual Appliance into NSX-V 6.4.7 on ESXi 7.0. SEG-82636,/SEG-82637/DSSEG-5926
• The Computer Status widget on Deep Security Manager's dashboard did not display the correct number of managed computers. SEG-80171/03189161/DSSEG-5885

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-5814/VRTS-4652/03296737/DSSEG-5772

• CVSS Score: 9.8
• Severity: Critical

What's new in Deep Security Manager? | Deep Security

Deep Security Linux Agent - 12.0 update 12

Enhancements

• You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents > Data Privacy and selecting No. SF03237033/DSSEG-6017

Resolved issues

• When Anti-Malware real-time scans were enabled in Linux, sometimes the system crashed because buffers from procfs were not validated. SEG-80183/DSSEG-5884
• Application Control sometimes blocked applications that should have been allowed as they were created by a trusted updater. SEG-77446/03206632/DSSEG-5840
• Agent self-protection did not protect Deep Security Notifier. SEG-76015/SF03168155/DSSEG-5920
• When a Deep Security Agent was deactivated, the Anti-Malware module's language was switched to English. When the Deep Security agent was reactivated in Japanese, this sometimes caused the Anti-Malware component update to fail. SEG-79963/03184072/DSSEG-5811
• When a re-transmission packet with new packets was sent, it sometimes produced an "Unsupported SSL Version" Intrusion Prevention event./DSSEG-5879
• When there was a Log Inspection database corruption issue, it did not affect the Log Inspection status on the Deep Security Manager. SEG-77081/02984526/DSSEG-5726
• Deep Security Manager reported a security update timeout because Deep Security Agent received exceptions as security updates. SEG-82072/03273761/DSSEG-5953
• Deep Security Agent detected false file change events due to the setuid/setgid formatting. The agent also generated false file attribute changes in /usr/bin following an upgrade, which was caused by the file creation time change./DSSEG-5928
• When "Serve Application Control rulesets from relays" was enabled, unnecessary relay error events occurred./DSSEG-5988
• When the Kerberos cache file was deleted and re-added, a lot of "User Added" and "User Deleted" Integrity Monitoring events occurred. SEG-80629/03402557/DSSEG-5981

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-5255

• CVSS score: 7.8
• Severity: High
  • Updated to curl 7.67.0.
  • Updated to openssl-1.0.2t.

What's new in Deep Security Agent? | Deep Security

Deep Security UNIX Agent - 12.0 update 12

Enhancements

• You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents > Data Privacy and selecting No. SF03237033/DSSEG-6017

Resolved issues

• Application Control sometimes blocked applications that should have been allowed as they were created by a trusted updater. SEG-77446/03206632/DSSEG-5840
• Agent self-protection did not protect Deep Security Notifier. SEG-76015/SF03168155/DSSEG-5920
• When a Deep Security Agent was deactivated, the Anti-Malware module's language was switched to English. When the Deep Security Agent was reactivated in Japanese, this sometimes caused the Anti-Malware component update to fail. SEG-79963/03184072/DSSEG-5811
• Deep Security Manager reported a security update timeout because Deep Security Agent received exceptions at security updates. SEG-82072/03273761/DSSEG-5953
• Deep Security Agent detected false file change events due to the setuid/setgid formatting. The agent also generated false file attribute changes in /usr/bin following an upgrade, which was caused by the file creation time change. /DSSEG-5928
• When "Serve Application Control rulesets from relays" was enabled, unnecessary relay error events occurred. /DSSEG-5988
• On Solaris 10 servers with Deep Security Agent and debug logs enabled for Anti-Malware, the Deep Security Agent process sometimes encountered an abnormal restart. SEG-80989/SF03420394/DSSEG-5880
• When the Kerberos cache file was deleted and re-added, a lot of "User Added" and "User Deleted" Integrity Monitoring events occurred. SEG-80629/03402557/DSSEG-5981

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases.

• CVSS score: 7.8
• Severity: High
  • Updated to curl 7.67.0.
  • Updated to openssl-1.0.2t.

What's new in Deep Security Agent? | Deep Security

Deep Security Windows Agent - 12.0 update 12

Enhancements

• You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents > Data Privacy and selecting No. SF03237033/DSSEG-6017

Resolved issues

• Application Control sometimes blocked applications that should have been allowed as they were created by a trusted updater. SEG-77446/03206632/DSSEG-5840
• Agent self-protection did not protect Deep Security Notifier SEG-76015/SF03168155/DSSEG-5920
• When a Deep Security Agent was deactivated, the Anti-Malware module's language was switched to English. When the Deep Security agent was reactivated in Japanese, this sometimes caused the Anti-Malware component update to fail. SEG-79963/03184072/DSSEG-5811
• When a re-transmission packet with new packets was sent, it sometimes produced an "Unsupported SSL Version" Intrusion Prevention event. /DSSEG-5879
• When there was a Log Inspection database corruption issue, it did not affect the Log Inspection status on the Deep Security Manager. SEG-77081/02984526/DSSEG-5726
• Deep Security Manager reported a security update timeout because Deep Security Agent received exceptions at security updates. SEG-82072/03273761/DSSEG-5953
• When "Serve Application Control rulesets from relays" was enabled, unnecessary relay error events occurred. /DSSEG-5988
• When the Kerberos cache file was deleted and re-added, a lot of "User Added" and "User Deleted" Integrity Monitoring events occurred. SEG-80629/03402557/DSSEG-5981

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases.

• CVSS score: 7.8
• Severity: High
  • Updated to curl 7.67.0.
  • Updated to openssl-1.0.2t.

What's new in Deep Security Agent? | Deep Security

稼げるプレゼン

• 作者:越川慎司
• 発売日: 2020/05/15
• メディア: 単行本

Deep Security Agent 9.6 Service Pack 1 Patch 1 Update 27 for Windows

1. About Deep Security 9.6 Service Pack 1 Patch 1 Update 27
========================================================================

   1.1 Overview of This Release
   =====================================================================
   Deep Security Agent 9.6 Service Pack 1 Patch 1 Update 27 contains no
   feature enhancements and no bug fixes. For a list of the major
   changes in Deep Security 9.6 Service Pack 1 Patch 1 Update 27, please
   see the "What's New" section of the Installation Guides, which are
   available for download from the Trend Micro Download Center.

   1.2 Who Should Install This Release
   =====================================================================
   
   You should install this release if you are currently running Deep
   Security 9.0 SP1 Patch 5, 9.5 SP1 Patch 2, or 9.6. All new Deep
   Security users should install Deep Security 9.6 Service Pack 1 Patch 1 Update 27.


2. What's New
========================================================================

   2.1 Enhancements
   =====================================================================
   There are no enhancements in this release.
   

   2.2 Resolved Known Issues
   =====================================================================
   There are no issues fixed in this release.

   2.3 Security Updates
   =====================================================================
   [DSSEG-5693]   
   Security updates are included in this release. For more information 
   about how we protect against vulnerabilities, visit 
   https://success.trendmicro.com/vulnerability-response. Please note, 
   in line with responsible disclosure practices, CVE details will only 
   be made available for select security updates once patches have been 
   made available for all impacted releases. 
   

7. Known Issues
========================================================================

   - On Windows 2000, Deep Security Agent will encounter "network driver 
     installation failed" messages if the Microsoft and Symantec 
     VeriSign Root Certificate is not updated to the latest version on 
     the host machines. For details, see:
     http://intkb.trendmicro.com/solution/en-us/1119983.aspx
     [DSSEG-2376]

   - On Windows 2000, the Deep Security Agent service cannot start 
     automatically after rebooting due to a default service timeout of 
     30 seconds. [DS-21251]

   - When the agent is installed on Windows 2000, Deep Security Manager 
     may display "Managed (offline)" for the agent when enabling the 
     Firewall and/or Intrusion Prevention modules because network 
     connectivity is interrupted while a driver is installed. Users can
     wait for network connectivity to be restored, click "Clear 
     Warnings/Errors" for the computer, and then click "Check Status".
     [DSSEG-2374]

   - In rare circumstances, when enabling Anti-Malware feature on Deep
     Security Agent running on Windows XP, the AMSP service installation
     may fail with the error message "AMSP error code (0x20ff0000)". As
     a workaround, reinstall the Deep Security Agent. [29436]

   - On Windows 32-bit platforms, there is a configuration limit of 20MB
     because of the smaller kernel memory available on these platforms.
     The event "Agent configuration package too large" may appear if
     there are too many rules enabled on the Deep Security policy being
     assigned. This may be fixed by trimming down the Intrusion
     Prevention rules strictly to Recommended for Assignment only.
     [27162]

   - If the Integrity monitoring feature in Combined Mode is disabled,
     the Deep Security Notifier status will display it as Not Capable
     instead of Not Configured. [29403]

   - Deep Security Azure Connector does not identify virtual machines
     created by Azure Resource Manager a.k.a ARM VM (v2). DSA installed
     in ARM VM will not be included in Azure connector but in the normal
     computer list. This limitation will have no impact on security
     features provided by Deep Security. [29630]

   - Deep Security Agent could not convert shift-jis encoded characters
     to UTF-8. Therefore, any folders named with shift-jis encoding will
     be skipped during Integrity Monitoring scanning. [28879]

   - If agentless Anti-Malware real-time protection is turned off, the
     Notifier will not get any status updates from the Appliance.  It
     will then turn off Antivirus protection in the Windows Action
     Center. [29230/29574]

   - When you deactivate the Deep Security Virtual Appliance or
     agentless protection, the Notifier will not be able to get any
     status from the Deep Security Virtual Appliance. The Notifier
     knows that anti-malware is not working so it will turn it off in
     the Windows Action Center. It does not know the status of the
     firewall so it will leave the firewall status in the Windows Action
     center in its last known state. [29230/29574]

   - The Deep Security Notifier installed in the virtual machines should
     be upgraded to 9.6 Service Pack 1 Patch 1 Update 4 to correctly
     display the status of protection in 9.6 Service Pack 1 Patch 1
     Update 4, especially when using Combined Mode. [28557]

   - Deep Security does not support switching the Windows 2012 server
     mode between Server Core and Full (GUI) modes after the Deep
     Security Agent is installed. [28481]

   - If you are using Server Core mode in a Hyper-V environment, you
     will need to use Hyper-V Manager to remotely manage the Server Core
     computer from another computer. When the Server Core computer has
     the Deep Security Agent installed and Firewall enabled, the
     Firewall will block the remote management connection. To manage the
     Server Core computer remotely, turn off the Firewall module.
     [28481]

   - Hyper-V provides a migration function used to move a guest VM from
     one Hyper-V server to another. The Deep Security Firewall module
     will block the connection between Hyper-V servers, so you will need
     to turn off the Firewall module to use the migration function.
     [28481]

   - Deep Security Agent does not support scanning a mounted network
     folder (SMB) on the following Windows platforms:
        Windows 2016 Server (64-bit)
        Windows 2012 Server R2 (64-bit)
        Windows 2012 Server (64-bit)
        Windows 10 (32/64-bit)
        Windows 8.1 (32/64-bit)
        Windows 8 (32/64-bit)
         [22016]

   - Deep Security Notifier when using agentless protection in NSX
     environment will not work if only WRS feature is turned on.
     Agentless anti-malware must be enabled for Deep Security Notifier
     to work. [22210]

   - The Relay feature uses TCP port 4122. When enabling the Relay
     feature, make sure TCP port 4122 is allowed in any firewall being
     used. [22749]

   - Relay feature is not supported on Windows XP. [17729]

   - The Deep Security Agent anti-malware files and folder might not get
     removed on upgraded 9.0 to 9.5 Agents when uninstall is performed.
     This only happens when anti-malware feature is enabled then
     disabled in 9.0 before upgrading to 9.5 and the anti-malware
     feature was never enabled in 9.5 before uninstalling. When this
     happens, follow manual uninstall procedures in
     http://esupport.trendmicro.com/solution/en-US/1096150.aspx to
     completely uninstall. [21716]

   - Some Anti-Malware events are not generated when using Windows
     built-in decompress tool on Windows Vista and later versions.
     This issue will not happen when using 3rd party decompress tool.
     [23055]

   - Windows Add/Remove Programs or Programs and Features doesn't show
     the exact version of the Deep Security Agent. Deep Security Agent
     version consists of major.minor.sp-build but Windows only show them
     as major.minor.build. [21990]

   - CPU usage control in Scan for Integrity may not work after a
     reboot. Rebuild Integrity Baseline or reactivation will fix this.
     [20725/20563]

   - During anti-malware realtime scan, Deep Security Agent may
     sometimes produce multiple Delete Failed events even when the
     deletion was successful. This rarely occurs but it happens when the
     file is being locked by other process temporarily. [23520]

   - When upgrading Deep Security Agent on Windows 2012, an error
     message saying "Service 'Trend Micro Deep Security Agent'(ds_agent)
     could not be installed. Verify that you have sufficient privileges
     to install system services." may appear.

     This may be fixed by running Windows Update troubleshooter in
     http://support.microsoft.com/kb/910336.
     [23728]

   - Deep Security Notifier will show the status of Intrusion Prevention
     as Not Configured if the IPS has no rules assigned even if it's On.
     [22938]

   - Some security components of Deep Security Agent with Relay feature
     enabled may get removed unexpectedly after an update. As a
     workaround, retry the security update. [24004]

   - Upgrading to Deep Security Agent 9.5 or 9.6 Patch 1 by running a
     deployment script on an AWS instance that already has Deep Security
     Agent 9.0 will not work. Deep Security Agent upgrade must be done
     from the Deep Security Manager. [25598]

   - After Deep Security Agent upgrade, the event "Abnormal Restart
     Detected" may appear. The upgrade is not affected by this event and
     may be safely ignored. Do Clear Warnings and Errors and perform a
     Check Status to reflect the actual status of the Agent. [26619]

   - In some cases, a laptop computer has the "Microsoft Virtual Wi-Fi
     Miniport Adapter" option enabled. Such devices, used for creating
     Wi-Fi hotspots (ad hoc networks) through the wireless adapter,
     would enable both the real device for the true wireless connection
     and the "Microsoft Virtual Wi-Fi Miniport Adapter" for the ad hoc
     connections, with the same MAC address. This triggers Deep Security
     Agent on such laptop computers to request for an interface update
     on every heartbeat. [17502]

   - In a cloud provider environment, if the "Enable regular
     synchronization with Cloud Provider" option is disabled, changing
     the Deep Security Agent hostname will disrupt the communication
     between Deep Security Manager and Deep Security Agent. Trend Micro
     strongly recommends keeping the "Enable regular synchronization
     with Cloud Provider" option ON. [15608]

   - On Windows 2008 and Windows Server 2012, after installing Deep
     Security Manager with a co-located Relay, the Deep Security
     Notifier icon does not automatically show up in the Windows
     notification area. However, Deep Security Notifier will still
     work. Users need to re-launch Deep Security Notifier from the
     "Start" menu or restart the system. [17533]

   - The following system event log appears when you install Deep
     Security Agent on the Windows Vista, Windows 2008, or Windows 7
     platform:

     "The Trend Micro Deep Security Agent service is marked as an
     interactive service. However, the system is configured not allow
     interactive services. This service may not function properly."

     This is a normal warning on Windows Vista or higher Windows
     versions. On these platforms, Windows does not allow services
     to interact with the user's desktop, so the operating system
     displays the warning when Deep Security Agent tries to use
     interactive services. This desktop interaction feature is used
     by the Deep Security Agent to provide the restart notice
     on pre-Vista versions of Windows. The warning message can be
     safely ignored. [Deep Security 8.0 Tier 2-00253]

   - In Windows Vista and higher releases, sometimes, you will
     encounter problems while upgrading the Deep Security Agent.
     The problem is related to the timing of the VC RTL assemblies
     being published to WinSxS, but it only seems to cause trouble
     on Vista or higher and only if the version of the RTL is
     not changing. The root cause is some corrupted Windows
     components. To work around this, you can either run the
     Windows System File Checker (sfc.exe) to repair the operating
     system, or install the Microsoft Visual C++ Redistributable
     Package from the following URL before starting the upgrade
     procedure again.

       http://www.microsoft.com/download/en/details.aspx?id=26347

     After installing the package from Microsoft, you should
     restart the computer or else the upgrade may still fail. To
     recover from this, you can install the package, re-run
     the installer and restart the computer.
     [Deep Security 8.0-01044]

   - Intrusion Prevention (DPI) is not supported over SSL connections
     when using IPv6.

   - On Windows XP, you may encounter a "Fatal Error During
     Installation." message if you attempt to uninstall the
     Deep Security Agent through the "Add/Remove programs"
     page while the Agent's "Self Protection" function is enabled.

     This message comes from Windows indicating that the uninstall
     did not proceed because self-protection is enabled. It is not
     a Deep Security error.
     [Deep Security 8.0-00410]

   - When running an Anti-Malware Manual Scan with Smart Scan
     enabled, if the Deep Security Agent cannot contact the Smart
     Scan server, the resulting error event will indicate a
     "Real-Time" scan type instead of "Manual".
     [Deep Security 8.0 Tier 2-00024]

   - If network connectivity is lost for an extended period of time
     during a Deep Security Agent upgrade, you may need to restart
     the host machine.

   - It is possible that NDIS drivers will stop responding during
     Deep Security Agent installation or uninstallation if they do
     not properly free packets when requested to unbind. Deep Security
     Agent with NDIS 5.1 or NDIS 6.0 driver can free all packets
     correctly before upgrading or uninstalling. However, when
     installing or uninstalling NDIS drivers, Microsoft requires that
     all NDIS drivers be unbound and then rebound. This means that if
     other third-party NDIS drivers do not properly free packets, it
     is still possible for the Deep Security Agent install, upgrade,
     or uninstall process to stop responding. This is beyond
     Trend Micro's control and will only happen rarely. If this does
     occur then you can restart the computer and try to install,
     uninstall, or upgrade Deep Security Agent again.

   - Log Inspection Event logs are limited to 6000 characters.

   - When the network engine is working in TAP mode and the in-guest
     Agent is offline, the Deep Security Virtual Appliance status will
     display "Stand By". But, Deep Security Virtual Appliance is
     actually online and IP/FW events logs are still generated as
     rules are triggered. [10948]

Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 27

2. What's New
========================================================================

   2.1 Enhancements
   =====================================================================
   There are no enhancements in this release.
   

   2.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issue(s):
   
   2.3 Security Updates
   =====================================================================
   [DSSEG-5775/DSSEG-5889/DSSEG-5537/DSSEG-5905]
   Security updates are included in this release. For more information 
   about how we protect against vulnerabilities, visit 
   https://success.trendmicro.com/vulnerability-response. Please note, 
   in line with responsible disclosure practices, CVE details will only 
   be made available for select security updates once patches have been 
   made available for all impacted releases. 
   Highest CVSS Score: 9.8
   Highest Severity: Critical
   - Updated JRE to the latest Critical Patch Update release (8.0.251)
     CVSS Score: 5.3
   - Upgraded Apache Tomcat to 8.5.53.

6. Known Incompatibilities
========================================================================

   - Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 27
     does not support version 8.0 and earlier versions of Deep
     Security Virtual Appliance and Deep Security Agent.

   - When adding vCloud in this version of Deep Security, only agentless
     Anti-Malware and Integrity Monitoring in vCNS is supported and must
     be added only to the tenants. NSX, Combined Mode and adding vCloud
     to the primary tenant is not supported.

7. Known Issues
========================================================================

   - Some platforms (e.g. Linux) do not distinguish network interfaces
     at the packet level, when they are connected to the same network.
     When enabling "Policy -> Interface Types -> Rules can apply to
     specific interfaces" on these platforms, firewall policies that
     attempt to distinguish between network interfaces connected to the
     same network will result in only one of the policies being applied.
     [29543]

   - The Trusted Platform Module (TPM) monitoring does not work on
     vSphere 6 environment. When enabled, the event "The vCenter sent
     empty or unreliable TPM information that has been ignored. This is
     only an issue if the problem persists" will appear. In rare
     circumstances, the value may also be unreliable on vSphere 5.5
     environment. VMware is already investigating this issue.
     [29268/27166]

   - When doing vMotion of many simultaneous VMs, some of the VMs may
     appear as Anti-Malware Engine Offline after it moves to the new
     host. This occurred because the DSM checked the status of the VMs
     during heartbeat before the vMotion is finished. Doing another
     check status or waiting for the next heartbeat will fix the status.
     [28825]

   - Deep Security Azure Connector does not identify virtual machines
     created by Azure Resource Manager a.k.a ARM VM (v2). DSA installed
     in ARM VM will not be included in Azure connector but in normal
     computer list. This limitation will have no impact on security
     features provided by Deep Security. [29630]

   - If vMotion occurs while Anti-Malware scan is happening, there is a
     possibility that the scan will not continue after moving from one
     Agentless protected host to another. If you see an event saying
     "Manual Malware Scan Failure" or if you see a "Manual Malware Scan
     Started" without a corresponding "Manual Malware Scan Completed",
     then this means that the scan has stopped and did not finish.
     [28059]

   - During the upgrade process after removing the Filter Driver, Deep
     Security Manager 9.6 Patch 1 will display "Intrusion Prevention
     Engine Offline and Firewall Engine Offline" regardless of policy
     until the Deep Security Virtual Appliance is upgraded to version
     9.6 Patch 1.
     [28992]

   - If the Deep Security Relay is down during deployment of Deep
     Security Virtual Appliance, it will fail to upgrade to version 9.6
     and will cause the vShield Endpoint to not register. Even after the
     Deep Security Virtual Appliance upgrade becomes successful, the
     vShield Endpoint will remain in a Not Registered state.
     Reactivating the Deep Security Virtual Appliance will resolve this
     issue. [28712]

   - If agentless Anti-Malware real-time protection is turned off, the
     notifier will not get any status updates from the appliance.  It
     will then turn off Antivirus protection in the Windows Action
     Center. [29230/29574]

   - When you deactivate the Deep security Virtual Appliance or
     agentless protection, the notifier will not be able to get any
     status from the Deep Security Virtual Appliance.  The notifier
     knows that Anti-Malware is not working so it will turn it off in
     the Windows Action Center. It does not know the status of the
     firewall so it will leave the firewall status in the Windows Action
     center in its last known state. [29230/29574]

   - Due to the lack of support of a cipher suite, Microsoft Windows XP and
     2003 are no longer able to download the Deep Security Agent using a
     standard deployment script. As work-around, put the agent package on a
     web server and modify the deployment script to download it from the
     new location rather from the Deep Security Manager. (DSSEG-1237)

   - The CPU Usage (Agent only) setting under Manual and Scheduled Scan
     Configuration in the Deep Security Manager console is not working
     on SUSE 10 SP3 and SP4. [20717]

   - Agentless protection is not supported in ESX 5.1 with NSX.
     ESX 5.5, VCenter 5.5 and NSX Manager 6.0.5 are the minimum
     requirements for agentless protection. [22062]

   - Excluding a folder in Anti-Malware agentless protection would also
     exclude folders that starts with the same folder name. For example,
     excluding c:\temp also excludes c:\temp1 and c:\temp2 from
     Anti-Malware scanning. [22037]

   - Anti-Malware, Web Reputation, Integrity Monitoring, and Log
     Inspection should not be enabled on the policy that is assigned to
     the Deep Security Virtual Appliance itself. These features are not
     supported when applied to the Deep Security Virtual Appliance and
     may produce error events. [21250]

   - It can take up to 30 minutes before the appliance is ready for
     deployment through NSX Manager after importing the Deep Security
     Virtual Appliance package to the DSM. Deploying the appliance
     before the package is in place at <DSM Install Directory>\temp
     would result in failure. [23150]

   - The Deep Security Manager will display the platform of CentOS
     machines as Red Hat. This is because the agent package used in
     CentOS and Red Hat are the same and labeled as Red Hat agent
     package.
     [21674/25156]

   - Location awareness will not work on pure IPv6 environment. [12776]

   - Infected file will still appear in Quarantined Files list even if
     the Anti-Malware Event says Quarantine Failed. [21620]

   - In the computer updates page, DSM will show Smart Scan Agent
     Pattern, Spyware Active Monitoring Pattern and Virus pattern in
     Deep Security Agent for Linux regardless of the scan mode.
     [21829]

   - Software update using IPv6 is currently not supported by Trend
     Micro download center. [25937]

   - Deep Security Agent running on SUSE in Azure cloud will not be
     managed under Azure cloud account in the Deep Security Manager.
     The agent will appear under normal computers list. [26499]

   - After Deep Security Agent upgrade, the event "Abnormal Restart
     Detected" may appear. The upgrade is not affected by this event and
     may be safely ignored. Do Clear Warnings and Errors and perform a
     Check Status to reflect the actual status of the agent. [26619]

   - The Out of Sync relays hyperlink displays the correct count but
     clicking the link will display both out of date computers and
     relays. [23418/21042]

   - In NSX 6.1.2 and earlier, if more than one NSX Security Groups
     are defined and applied to the NSX Security Policy that contains
     Deep Security Services, any un-applying of the policy will not be
     reflected in Deep Security Manager with respect to NSX Security
     Group membership. [25304]

   - In NSX 6.1.1 and earlier, if you remove the Deep Security Services
     from an NSX Security Policy, it will not be reflected in Deep
     Security Manager with respect to NSX Security Group membership.
     [25303]

   - Deep Security Manager does not support installation paths that
     contain special characters (non-alphabet and non-numeric
     characters). The same restriction also applies to the database
     name and/or database account used by Deep Security Manager.
     [16708]

   - When a user runs Agent-initiated recommendation scan using the
     "dsa_control -m RecommendationScan:true" command, no system event
     related to recommendation scan is recorded.

   - In rare situations, Deep Security Manager may not correctly
     identify the status of the EPsec Driver installed on an ESXi.
     When you activate an Appliance, if Deep Security Manager does
     not identify the correct status of vShield Endpoint, it will
     not register with the vShield Manager. If Deep Security Manager
     gives you this warning, perform a full "Synchronize" with your
     vCenter and it will update the current installation status of
     all drivers on all ESXi(s) in the environment. [17636]

   - In Multi-Tenant installations, the Primary tenant Deep Security
     Manager may cause "Reconnaissance Detected: Network or Port Scan"
     alerts on Tenants' Deep Security Managers. To avoid these alerts,
     Tenants can manually add the Primary Tenant's Deep Security
     Manager IP address to the "Ignore Reconnaissance" IP list.
     (Policies > Common Objects > Lists > IP Lists). [17175]

   - In rare cases, adding a vCloud or AWS Cloud Account in Deep
     Security Manager can result in the creation of two identical
     Cloud Accounts. If this occurs, either one of the two accounts
     can be safely removed. [17280/17051]

   - In a cloud provider environment if the "Enable regular
     synchronization with Cloud Provider" option is disabled, changing
     the Deep Security Agent hostname will disrupt the communication
     between Deep Security Manager and Deep Security Agent. Trend Micro
     strongly recommends keeping the "Enable regular synchronization
     with Cloud Provider" option ON. [15608]

   - If the Manager node(s) and the Database are installed on machines
     with synchronized clocks but configured for different time-zones,
     an error indicating that the clocks are not synchronized will be
     triggered incorrectly. [17100]

   - On Windows 2008 and Server 2012 systems, after installing the
     Deep Security Manager with a co-located Relay, the Deep Security
     Notifier icon does not automatically appear in the Windows
     notification area. However, the Deep Security Notifier will
     still function. Users need to re-launch the Deep Security
     Notifier from the "Start" menu or restart the system. [17533]

   - When using Deep Security in iCRC mode, a DNS server must be
     available. If a DNS server is unavailable the Anti-Malware
     feature of the Deep Security Virtual Appliance may not function
     correctly. [Deep Security 8.0-01169]

   - Deep Security Manager does not support License updates or
     connecting to the Trend Micro Certified Safe Software Service
     using a SOCKS5 proxy. To use these two features, use an
     HTTP proxy. [Deep Security 8.0-1024]

   - In certain cases, when attempting to use the dsm_s stop command
     on Linux to stop the Deep Security Manager service, you may get
     the following message:

     "Timeout. Daemon did not shutdown yet."

     Dsm_s is based on install4j whose timeout value is 15 seconds,
     which cannot be changed. The Deep Security Manager may require
     longer than this to shut down. To ensure the service has been
     shut down run the "ps -ef | grep DSMService" command before using
     the dsm_s stop command.
     [Deep Security 8.0-00095]

   - Air-gapped Relays will still try to contact an Update Server
     to check for Updates. To avoid update failure alerts, set the
     Relay to use itself as an update source:

     1. In the Relay's "Details" window, go to "System > System
        Settings > Updates".

     2. In the "Relays" area, select "Other Update Source:" and
        add "https://localhost:4122".

     3. Click "Save".
     [Deep Security 8.0-01124]

   - If an ESXi with an installed vShield Endpoint driver is removed
     from its vCenter, Deep Security Manager cannot detect the
     installed driver if the ESXi is later re-added to the vCenter.
     This will cause any newly Deep Security Virtual Appliance-
     protected virtual machines to not have Anti-Malware enabled.
     The workaround is to uninstall and reinstall the driver
     through the VSM.
     [Deep Security 8.0-01036]

   - Intrusion Prevention is not supported over SSL connections
     when using IPv6.

   - The Anti-Malware scan inclusion/exclusion directory settings are
     sensitive to forward slash "/" and backslash "\".  For use with
     Windows operating systems the inclusion/exclusion paths must use
     the backslash "\". [7.5 SP1-00231]

   - When creating custom Integrity Monitoring Rules using the
     "RegistryKeySet" tag, the attribute values must be in uppercase
     letters. For example, <RegistryKeySet base="HKLM\SOFTWARE">.
     Using lowercase may result in an "Integrity Monitoring Rule
     Compile Issue" error. [7.5 SP1-00171]

   - Malware scans of network shared folders are only supported using
     real-time scan. Manual scans or scheduled scans will not work.
     [7.5-00012]

   - If a CD or a mounted ISO file contains malware and the
     Anti-Malware configuration is set to "Delete" upon detection,
     Deep Security Manager will still report that the malware was
     "deleted" even if it was unable to do so. [7.5-00010]

   - Deep Security Manager cannot display an incorrect filename
     event in the Anti-Malware Event if the malware was found in
     the "Recycle Bin".   [7.5-00023]

   - During an upgrade, the Deep Security Manager service may not
     be able to install properly on some platforms if the
     "Services" screen is open. To work around this, make sure
     the "Services" screen is closed prior to installation or
     upgrade of Deep Security Manager.

   - If you receive a "java.lang.OutOfMemoryError" error during the
     installation of Deep Security Manager, please refer to the
     "Installation Guide" for instructions on how to configure the
     maximum memory usage for the installer.

   - During an upgrade, if you receive a message stating that the
     Deep Security Manager cannot start the service, restarting
     Deep Security Manager usually fixes the problem. In rare cases,
     you may have to run the installer again in Upgrade/Repair mode
     after restarting.

   - If Windows Firewall is enabled on Deep Security Manager, it
     may interfere with port scans causing false port scan results.
     Windows Firewall may proxy ports 21, 389, 1002, and 1720
     resulting in these ports always appearing open regardless of
     any filter placed on the computer.

   - By default Exchange 2000 and later servers will dynamically
     assign a non-privileged port (1024-65535) for communications
     between the client and the server for the System Attendant,
     Information Store, and Name Service Provider Interface (NSPI)
     services. If you will be using the Microsoft Exchange Server
     profile with an Exchange 2000 or later server then you
     should configure these services to use static ports as
     described in the article "Exchange 2000 and Exchange 2003
     static port mappings" (http://support.microsoft.com/?kbid=270836).

     Once static ports have been configured you should extend the
     appropriate Exchange Server port list to include the ports that
     have been assigned to these services.

     You may also want to set the "No RFR Service" registry setting
     to "1" to prevent the Exchange server from referring clients to
     the domain controller for address book information. See the
     article "How Outlook 2000 Accesses Active Directory"
     (http://support.microsoft.com/?kbid=302914) for more information.

     Alternatively, it is possible to configure Exchange RPC to run
     over HTTPS if you are using Outlook 2003 on Windows XP
     Service Pack 1 or later with Exchange Server 2003. In this case
     only port 443 needs to be added to the Exchange port list.

   - The "Recommendation" Alert may remain raised on some computers
     even after all recommended Intrusion Prevention, Integrity and
     Log Inspection Rules appear to have been applied. This can
     occur because even though an "Application Type" may be
     recommended for a computer, the "Application Type" will not be
     displayed in the "Show Recommended" view if no Intrusion
     Prevention Rules associated with Application Type are currently
     recommended. To resolve the situation, use the "Show All" view
     of the Intrusion Prevention Rules screen and assign all
     recommended "Application Types" (even if no associated Rules are
     currently recommended). Alternatively, you can just dismiss the
     alert after verifying that you have assigned all recommended
     rules to the computer. [8345]

   - When an Appliance-protected VM is migrated from one
     Appliance-protected ESXi to another, and if that virtual machine
     currently has warnings or errors associated with it (for example
     "Reconnaissance Detected"), those errors may incorrectly get
     cleared during the migration. [10602]

   - Log Inspection Events have a size limitation of 6000 characters.

中小企業のIT担当者必携 本気のセキュリティ対策ガイド

• 作者:佐々木 伸彦
• 発売日: 2020/01/23
• メディア: 単行本（ソフトカバー）