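Matcha Daifuku's Diary

Links to articles on security and IT that caught my interest.

Notice of Release of Trend Micro Deep Security 11.0 Update 6: Support Information: Trend Micro @ Support for PFS (perfect forward secrecy) ciphers, JRE and JDK version upgrade,

Notice of Release of Trend Micro Deep Security 11.0 Update 6: Support Information: Trend Micro

The Deep Security 11.0 Update 6 modules have been released.
■ Release date

Friday, January 25, 2019

■ Applicable modules

Deep Security Manager
Deep Security Agent for Linux
Deep Security Agent for Unix
Deep Security Agent for Windows
Deep Security Notifier for Windows
■ New features / fixes

A Deep Security Agent with Solaris support has been added.
For new features and fixes, see the accompanying Readme.
* The Japanese Readme will be published within approximately one month.

Support Information: Trend Micro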

Deep Security Manager

2. What's New
========================================================================

   2.1 Enhancements
   =====================================================================
   The following enhancements are included in this release:
   
   Enhancement 1: [DSSEG-3220]
                  Added the ability to enforce strong ciphers in Deep
                  Security.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Enhancement 2: [DSSEG-3196]
                  Oracle JRE 8u181 has been replaced with Azul Zulu
                  OpenJDK 8u192.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Enhancement 3: [DSSEG-3160]
                  When a protected ESXi is upgraded to a newer version
                  or a new ESXi version is deployed, Deep Security
                  Manager will automatically detect the ESXi version and
                  add it to the Trend Micro Deep Security service in NSX
                  Manager, which helps to ensure the successful
                  deployment of the related version of dsva.ovf.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Enhancement 4: [DSSEG-2959/SEG-12461]
                  The error handling mechanism for processing events
                  retrieved from a vCenter server has been refined.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   

   2.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issues:
   
   Issue 1:       [DSSEG-3314]
                  /rest/alerts sometimes returned inaccurate results.
   
   Solution 1:    Improvements have been made to /rest/alerts to ensure 
                  that accurate results are returned.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 2:       [DSSEG-3251/SF01373134/SEG-39714]
                  Deep Security Manager showed many Internal Software
                  Error system events when "Events Retrieved" and
                  "Agent/Appliance Error" were not recorded in "System
                  Settings > System Events".
   
   Solution 2:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 3:       [DSSEG-3250/SEG-40884/1475286]
                  The Deep Security Manager shows "Internal server
                  error" when browsing the hosts in the Computers page.
   
   Solution 3:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 4:       [DSSEG-2392/SEG-28457]
                  When agent self-protection was enabled in a policy and
                  the policy was duplicated, the duplicate copy of the
                  policy did not include the correct self-protection
                  password.
   
   Solution 4:    A duplicate policy now includes the agent self-
                  protection password, if one was specified in the
                  original policy.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deep Security Agent Linux

2. What's New
========================================================================

   2.1 Enhancements
   =====================================================================
   The following enhancements are included in this release:
   
   Enhancement 1: [DSSEG-3311/SEG-39216]
                  Real-time Anti-Malware scans are now supported for
                  CloudLinux 6 (64-bit).
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Enhancement 2: [DSSEG-2995]
                  Deep Security Agent has been updated to support PFS
                  cipher suites.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   

   2.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issues:
   
   Issue 1:       [DSSEG-3353/DSSEG-3177/SEG-39670]
                  An Integrity Monitoring rule could be triggered
                  unintentionally when the prefix of its base directory
                  path matched that of another rule. For example, if you
                  had rules that monitored "c:\lab\" and "c:\lab1\", and
                  added a file "c:\lab1\sample.txt", both rules would be
                  triggered.
   
   Solution 1:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 2:       [DSSEG-3267]
                  Deep Security Agent real-time Anti-Malware scans
                  didn't work correctly with a Linux 4.12 kernel.
   
   Solution 2:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 3:       [DSSEG-3123]
                  When real-time Anti-Malware scans were enabled on
                  Linux, a lot of Linux Security Module logs were
                  generated.
   
   Solution 3:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 4:       [DSSEG-3110]
                  A native firewall could not be turned on/off
                  automatically after the Deep Security Firewall module
                  was enabled or its configuration was changed.
   
   Solution 4:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 5:       [DSSEG-2740/SF01098357/SEG-33956]
                  The Deep Security Agent process would crash due to a
                  race condition in the Web Reputation Service rating
                  thread when the protocol of the connection to the
                  rating server (Smart Protection Server) was "https".
   
   Solution 5:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deep Security Agent Windows

2. What's New
========================================================================

   2.1 Enhancements
   =====================================================================
   The following enhancement is included in this release:
   
   Enhancement 1: [DSSEG-2995]
                  Deep Security Agent has been updated to support PFS
                  cipher suites.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   

   2.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issues:
   
   Issue 1:       [DSSEG-3353/DSSEG-3177/SEG-39670]
                  An Integrity Monitoring rule could be triggered
                  unintentionally when the prefix of its base directory
                  path matched that of another rule. For example, if you
                  had rules that monitored "c:\lab\" and "c:\lab1\", and
                  added a file "c:\lab1\sample.txt", both rules would be
                  triggered.
   
   Solution 1:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 2:       [DSSEG-3334]
                  Due to a side effect from a previous fix, the Network
                  Filter Driver would pass packets through a broadband
                  wireless interface.
   
   Solution 2:    This issue has been resolved in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 3:       [DSSEG-3215]
                  When both Anti-Malware real-time scans and SAP scanner
                  were enabled on a Windows computer that had SAP
                  NetWeaver 7.5+ installed, a virus could be detected
                  and quarantined, but the error code returned to SAP
                  NetWeaver was not correct.
   
   Solution 3:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 4:       [DSSEG-3144/SF01350094/SEG-39265]
                  When a system boots up, both the Deep Security Agent
                  and AMSP service (Anti-Malware engine) are started.
                  The AMSP service sometimes takes longer to initialize
                  than the agent. If the agent launched a security
                  update task before the AMSP initialization was
                  finished, the update task failed with the error "Anti-
                  Malware Engine Offline".
   
   Solution 4:    If the AMSP service starts normally (within
                  approximately 180 seconds), the pattern update will be
                  successful.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 5:       [DSSEG-3110]
                  A native firewall could not be turned on/off
                  automatically after the Deep Security Firewall module
                  was enabled or its configuration was changed.
   
   Solution 5:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 6:       [DSSEG-2758]
                  When upgrading Deep Security Agent, the operating
                  system would sometimes reboot automatically.
   
   Solution 6:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 7:       [DSSEG-2740/SF01098357/SEG-33956]
                  The Deep Security Agent process would crash due to a
                  race condition in the Web Reputation Service rating
                  thread when the protocol of the connection to the
                  rating server (Smart Protection Server) was "https".
   
   Solution 7:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deep Security Agent Unix

2. What's New
========================================================================
   
   2.1 Enhancements
   =====================================================================
   The following enhancements are included in this release:
   
   Enhancement 1: [DSSEG-3023]
                  The version of zlib used by the Deep Security Agent
                  has been updated to zlib-1.2.11.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Enhancement 2: [DSSEG-2971]
                  The version of curl used by the Deep Security Agent
                  has been updated to curl-7.61.1.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Enhancement 3: [DSSEG-3090/SEG-37605]
                  This release updates the Anti-Malware scan engine to
                  the latest version.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Enhancement 4: [DSSEG-2606]
                  The version of OpenSSL used by the Deep Security Agent
                  and Deep Security Relay has been updated
                  to openssl-1.0.2o.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Enhancement 5: [DSSEG-2995]
                  Deep Security Agent has been updated to support PFS
                  cipher suites.
   

   2.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issues:
   
   Issue 1:       [DSSEG-3353/SEG-39670]
                  An Integrity Monitoring rule could be triggered
                  unintentionally when the prefix of its base directory
                  path matched that of another rule. For example, if you
                  had rules that monitored "c:\lab\" and "c:\lab1\", and
                  added a file "c:\lab1\sample.txt", both rules would be
                  triggered.
   
   Solution 1:    This issue is fixed in this release.                              
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 2:       [DSSEG-3238]
                  Deep Security Agent on Solaris had a memory leak when
                  writing the debug log.
   
   Solution 2:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 3:       [DSSEG-3177/SEG-39670]
                  An Integrity Monitoring rule could be triggered
                  unintentionally when the prefix of its base directory
                  path matched that of another rule. For example, if you
                  had rules that monitored "c:\lab\" and "c:\lab1\", and
                  added a file "c:\lab1\sample.txt", both rules would be
                  triggered.
   
   Solution 3:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 4:       [DSSEG-3028]
                  When the Anti-Malware protection module was enabled
                  for a Deep Security Agent running on Solaris 10 Update
                  7 or earlier, the Anti-Malware module would fail to
                  initialize and its status was displayed as offline.
   
   Solution 4:    The Anti-Malware code has been modified to initialize
                  successfully.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 5:       [DSSEG-3012]
                  An unactivated Deep Security Agent could reach 100%
                  CPU usage when handling a long HTTPS request.
   
   Solution 5:    The issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 6:       [DSSEG-2968]
                  When upgrading the Deep Security Agent on Solaris 10,
                  the upgrade process sometimes terminated before the
                  new software was fully installed.
   
   Solution 6:    The upgrade process now includes a check to prevent
                  the situation that led to failed upgrades.
   
   Note 6:        To accommodate the upgrade process on a wide variety
                  of hardware, the check happens five minutes after the
                  upgrade begins. In some cases, the Deep Security
                  Manager will not show the new software version until
                  the upgrade is complete and the check has happened.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 7:       [DSSEG-2877/SEG-5825/573707/00461478/00386295/00487753]
                  Users who are not using a local Smart Protection
                  Server (SPS) reported many Dropped Retransmit
                  "rxjammed" events in the Firewall when using Web
                  Reputation Service, which caused the Firewall logs to
                  fill up.
   
   Solution 7:    Dropped Retransmit "rxjammed" events are no longer
                  recorded in the Firewall log.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
   Issue 8:       [DSSEG-2835/SEG-33414/00854640]
                  The Deep Security Agent's CPU usage spiked every 10
                  seconds.
   
   Solution 8:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  
   Issue 9:       [DSSEG-2752]
                  When using Deep Security Agent on Solaris, the port 
                  scanning feature of the Integrity Monitoring module 
                  did not work because the agent did not have access to
                  information on the user ID under which a given port 
                  was opened. This prevented storage of any listening 
                  port information.

   Solution 9:
                  The port scanning feature on Solaris agents has been 
                  modified to store the string "n/a" for the userid. 
                  This allows the remaining port information to be 
                  stored and used in the port scanning function. 
                  However, exclusions and inclusions based on User ID 
                  still do not function correctly because this 
                  information is not available.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 10:      [DSSEG-2740/SF01098357/SEG-33956]
                  The Deep Security Agent process would crash due to a
                  race condition in the Web Reputation Service rating
                  thread when the protocol of the connection to the
                  rating server (Smart Protection Server) was "https".                                 
   
   Solution 10:   This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  
   Issue 11:      [DSSEG-2739]
                  When Deep Security Agent was installed on a virtual
                  machine (VM) and the VM was reverted to an earlier
                  state, Log Inspection event data was not synchronized
                  properly between the Deep Security Agent and Deep
                  Security Manager.
   
   Solution 11:   This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 12:      [DSSEG-2735/SEG-34502]
                  When a TCP connection was established with the same
                  tuples as a previously tracked one, the network engine
                  could set the connection track to an incorrect status.
                  This sometimes happened on a busy server where rapid
                  connections reused a recycled connection. The network
                  engine treated it as an "Out of connection" error and
                  dropped the packet.
   
   Solution 12:   This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 13:      [DSSEG-2673]
                  The Deep Security Agent install, upgrade, and
                  uninstall processes sometimes encountered issues
                  related to filter driver loading and unloading.
   
   Solution 13:   Deep Security Agent code has been restructured to make
                  the install and upgrade more stable.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 14:      [DSSEG-2566]
                  When firewall or intrusion prevention rules were
                  assigned to specific network interfaces, it sometimes
                  did not trigger network configuration recompilation,
                  and the Deep Security Agent Network Engine wouldn't
                  load the expected configuration.
   
   Solution 14:   This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 15:      [DSSEG-2539/SEG-30378]
                  Deep Security Agent crashed when it received a SIGPIPE
                  signal in a Solaris environment.
   
   Solution 15:   This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 16:      [DSSEG-2504]
                  When the Deep Security Agent was deployed on a
                  computer running Solaris, memory usage increased,
                  sometimes using more than 8 GB of RAM.
   
   Solution 16:   This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 17:      [DSSEG-2417/SEG-26134/00817382]
                  When certain Intrusion Prevention rules for Oracle
                  Database Server were enforced, the network filter
                  driver crashed the computer.
   
   Solution 17:   This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 18:      [DSSEG-2408/00863552/SEG-29915]
                  Deep Security Agent would sometimes crash when
                  collecting truncated logs from the kernel module.
   
   Solution 18:   The issue is resolved in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
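
The Integrity Monitoring entry above ([DSSEG-3353/DSSEG-3177]) describes a path-prefix collision between "c:\lab\" and "c:\lab1\". The following Python sketch is an added illustration of that class of bug and a component-aware fix; it is not Trend Micro's code. The function names are hypothetical, and the buggy form assumes the base directory is compared after its trailing separator has been dropped.

```python
import ntpath

# Constructed sample rules, using the base directories from the Readme's example.
RULE_BASES = ["c:\\lab\\", "c:\\lab1\\"]


def naive_match(base, path):
    """Buggy form: raw string-prefix test.

    Assumption: the base is normalized by dropping its trailing separator,
    which is what lets "c:\\lab" also match "c:\\lab1\\sample.txt".
    """
    return path.lower().startswith(base.rstrip("\\/").lower())


def _components(path):
    """Split a Windows path into case-folded components after lexical cleanup."""
    # normpath collapses '.', '..' and '/'; normcase lower-cases the result.
    norm = ntpath.normcase(ntpath.normpath(path))
    return [part for part in norm.split("\\") if part]


def component_match(base, path):
    """Hardened form: the base must equal a whole leading run of components."""
    base_parts = _components(base)
    if not base_parts:
        return False  # an empty base must never match everything
    return _components(path)[:len(base_parts)] == base_parts


def triggered_rules(path, matcher):
    """Return the rule base directories that `matcher` says cover `path`."""
    return [base for base in RULE_BASES if matcher(base, path)]


if __name__ == "__main__":
    # Constructed sample paths: the Readme's case, a mixed-case/forward-slash
    # path, and a path that reaches lab1 through a '..' segment.
    samples = [
        "c:\\lab1\\sample.txt",
        "C:/Lab/sub/report.txt",
        "c:\\lab\\..\\lab1\\sample.txt",
    ]
    for sample in samples:
        print(sample)
        print("  naive    :", triggered_rules(sample, naive_match))
        print("  component:", triggered_rules(sample, component_match))
```

The comparison is purely lexical; symlinks, junctions and 8.3 short names would need the path resolved on the host before matching.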
