まっちゃだいふくの日記 (Matcha Daifuku's Diary)

Links to security and IT articles that caught my attention.

Trend Micro Deep Security 12.0 Update 6 release announcement: Support information : Trend Micro @ Windows Agent support for 1909, ability to specify MAC addresses whose traffic is not inspected in clustered UNIX environments, plus cumulative fixes

Trend Micro Deep Security 12.0 Update 6 release announcement: Support information : Trend Micro

The Deep Security 12.0 Update 6 modules have been released.
■ Release date

January 23, 2020 (Thursday)

■ Affected modules

Deep Security Manager
Deep Security Agent for Linux
Deep Security Agent for Unix
Deep Security Agent for Windows
Deep Security Notifier for Windows
■ New features / fixes

For the new features and fixes, see the included Readme.
* The Japanese Readme is expected to be published within about one month.

Support information : Trend Micro

Deep Security Manager

**Enhancement**
-Added the "TrendMicroDsPacketData" field to Firewall events that are syslog forwarded via the Deep Security Manager. (DSSEG-4856)
-Added the following hidden setting command to prevent Behaviour Monitoring from detecting .dlls:
 dsm_c -action changesetting -name com.trendmicro.ds.antimalware:settings.configuration.bmExploitLoadRemoteLibExceptionList -value "abc.dll;123.dll"

To apply this enhancement, send the policy to the Deep Security Agent.

In addition to a base name such as "123.dll", wildcards are also supported. You can add a value such as "\10.1.1.1\remote*", and none of the .dlls in that remote path will be detected. (DSSEG-4976)

**Resolved issues**
-The column names in the CSV output of the "Security Module Usage Report" were partially misaligned with the data columns. (SEG-66258/SF02718206/DSSEG-5029)
-In the Malware Scan Configuration window (Computers/Policies > Anti-Malware > General > Manual Scan > Edit > Advanced and select Scan Compressed File) the Maximum number of files to extract setting could not be set to 0, meaning unlimited. (SEG-65997/02685854/DSSEG-5040)
-Shipping events to an external syslog server was slow when the option to send extended event descriptions was enabled. This led to unacceptable delays until events arrived at the syslog server. (DSSEG-4984)
-When adding new dashboards in Deep Security Manager, if you clicked "+" on the Dashboard page and then pressed Enter several times in quick succession, multiple dashboards were created and the first dashboard would lose widgets. (DSSEG-5089)
-The advanced search on the Computers page did not work properly when the criteria included "Version field" and the value was "N/A". (SEG-66513/02740746/DSSEG-5106)
**Security updates**
-Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Response. (DSSEG-5056)

Deep Security Agent for Linux

**Resolved issues**
-Anti-Malware on-demand scans did not work properly when the root directory was set to "/" in the scan directory inclusion lists. (SEG-66679/02756807/DSSEG-5052)
-Memory leaks occurred in Anti-Malware if file attributes couldn't be retrieved. (SEG-67374/DSSEG-5063)
-Deep Security Agent sent invalid JSON objects in response to Deep Security Manager, which caused errors in Deep Security Manager's log file. (SEG-48728/SF01919585/DSSEG-4995)


Deep Security Agent for Unix

**Resolved issues**
-Memory leaks occurred in Anti-Malware if file attributes couldn't be retrieved. (SEG-67374/DSSEG-5063)
-Deep Security Agent sent invalid JSON objects in response to Deep Security Manager, which caused errors in Deep Security Manager's log file. (SEG-48728/SF01919585/DSSEG-4995)
-On Solaris servers with clusters, the Deep Security Intrusion Prevention module would come under heavy load while inspecting the clusters' private traffic. The extra load caused latency issues, node evictions, and loss of synchronization events.
You can now configure the Packet Processing Engine on the agent to bypass traffic inspection on a specified interface. Where a specific interface on a computer is dedicated to cluster private traffic, this configuration can be used to bypass inspection of packets sent to and received from this interface. This results in faster packet processing on the bypassed interface and other interfaces.

Use of this configuration to bypass traffic inspection is a security risk. It is up to you to determine if the benefit of reduced latency outweighs the risk involved. It is also up to you to determine whether only the nodes in the cluster have access to the subnet whose interface is being bypassed.

To implement the bypass, do the following:

1. Upgrade the Deep Security Agent to the latest build containing this fix.
2. Create a file under the /etc directory named "ds_filter.conf".
3. Open the /etc/ds_filter.conf file.
4. Add the MAC addresses of all NIC cards used for cluster communication, as follows:
 MAC_EXCLUSIVE_LIST=XX:XX:XX:XX:XX:XX,XX:XX:XX:XX:XX:XX
5. Save.
6. Wait 60 seconds for your changes to take effect.
In the /etc/ds_filter.conf file:

-The MAC_EXCLUSIVE_LIST line must be the first line in the file.
-All letters in the MAC address must be uppercase.
-Leading zeros in each byte must be included.
Valid MAC_EXCLUSIVE_LIST:
 MAC_EXCLUSIVE_LIST=0B:3A:12:F8:32:5E
 MAC_EXCLUSIVE_LIST=0B:3A:12:F8:32:5E,6A:23:F0:0F:AB:34
Invalid MAC_EXCLUSIVE_LIST:
 MAC_EXCLUSIVE_LIST=B:3A:12:F8:32:5E
 MAC_EXCLUSIVE_LIST=0b:3a:12:F8:32:5e,6a:23:F0:0F:ab:34
 MAC_EXCLUSIVE_LIST=0B:3A:12:F8:32:5E

-If the MAC address is not valid, the interface will not be bypassed. If the exact string "MAC_EXCLUSIVE_LIST=" is not present at the beginning of the line no interfaces will be bypassed. (DSSEG-4055)
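Because a malformed address silently leaves that NIC inspected while the rest of the list still takes effect, it is worth checking the file before relying on it. The checker below is an added example, not part of the readme or of the Deep Security product: it applies the documented rules (exact prefix at the start of the first line, comma-separated list, uppercase two-digit octets) to a file's contents and reports which addresses would be bypassed and which rejected. The sample lines are constructed, and the treatment of surrounding whitespace as invalid is an assumption the readme does not state.

```python
import re
import sys

# Format rules for /etc/ds_filter.conf as stated in the Update 6 readme:
# the first line must begin with the exact string MAC_EXCLUSIVE_LIST=, the
# addresses are comma separated, and every octet is two uppercase hex digits
# (so leading zeros are mandatory and lowercase letters are rejected).
PREFIX = "MAC_EXCLUSIVE_LIST="
MAC_RE = re.compile(r"^[0-9A-F]{2}(?::[0-9A-F]{2}){5}$")


def check_mac_exclusive_list(text):
    """Return (bypassed, rejected, error) for the contents of ds_filter.conf.

    bypassed: addresses the agent would accept and stop inspecting
    rejected: addresses that break a format rule (those NICs stay inspected)
    error:    None, or the reason the whole file would be ignored
    Assumption (not in the readme): whitespace around an address is not
    trimmed, so " 0B:..." counts as invalid.
    """
    lines = text.splitlines()
    if not lines or not lines[0].startswith(PREFIX):
        return [], [], "first line must start with the exact string " + PREFIX
    bypassed, rejected = [], []
    for entry in lines[0][len(PREFIX):].split(","):
        (bypassed if MAC_RE.match(entry) else rejected).append(entry)
    return bypassed, rejected, None


def report(text):
    """Human-readable verdict, for a real file or the constructed samples."""
    bypassed, rejected, error = check_mac_exclusive_list(text)
    if error:
        return "no interfaces bypassed: " + error
    lines = ["bypassed (not inspected): " + (", ".join(bypassed) or "none")]
    for mac in rejected:
        lines.append("rejected (still inspected): " + repr(mac))
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python check_ds_filter.py /etc/ds_filter.conf
        print(report(open(sys.argv[1]).read()))
    else:  # constructed samples mirroring the readme's valid/invalid lines
        for sample in (
            "MAC_EXCLUSIVE_LIST=0B:3A:12:F8:32:5E,6A:23:F0:0F:AB:34\n",
            "MAC_EXCLUSIVE_LIST=B:3A:12:F8:32:5E,0b:3a:12:F8:32:5e\n",
            "# a comment first\nMAC_EXCLUSIVE_LIST=0B:3A:12:F8:32:5E\n",
        ):
            print(report(sample), end="\n\n")
```

Run it against the real file on a cluster node before trusting the bypass, and note that a rejected address means that interface's traffic is still being inspected, which is the safe failure direction.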

Deep Security Agent for Windows
Deep Security Notifier for Windows

**Resolved issues**
-Added platform support for Windows Server 2019 19H2 version 1909 and Windows 10 19H2 version 1909. (DSSEG-4782)
-Deep Security Agent sent invalid JSON objects in response to Deep Security Manager, which caused errors in Deep Security Manager's log file. (SEG-48728/SF01919585/DSSEG-4995)
-Integrity Monitoring did not handle Russian characters correctly in files that were scanned in real-time. (SEG-64071/SF02608976/DSSEG-4983)
