2020 年 3 月 9 日 (月)
Windows 版 Deep Security Agent
追加機能や修正内容などの詳細につきましては、Release notes をご確認ください。
本モジュールは Deep Security Software にてダウンロードいただけます。
DSA12.5 Feature Release は DSA12.0 Update モジュールとは 異なるサポートポリシーとなります。
Feature Releaseにつきましては、ヘルプセンター「Deep Securityのリリースライフサイクルとサポートポリシー」をご参照ください。
DSaaSでは、これまで、インストールスクリプトを用いたAgentのデプロイや、 Agent有効化時の自動アップグレードを実施した際に、Feature Release を含む 最新版のAgent がインストールされる仕様となっておりました。
この度、DSaaSにおける「Agent バージョンコントロール機能」の実装に伴って、 インストールするバージョンを制御することが可能となりましたので、 今後は、Feature Release の公開に関するお知らせを終了させていただきます。
Agent バージョンコントロール機能の詳細につきましては、ヘルプセンター「エージェントのバージョン管理を設定する」をご確認ください。サポート情報 : トレンドマイクロ
Enhanced platform support
- Secure Boot support: Deep Security Agent and Deep Security Manager now support additional Linux OS's with Secure Boot enabled. If the Secure Boot environment or configuration is invalid, the manager now shows new agent and system events.
Improved management and quality
- Security Module Usage Report: If you are using metered billing and looking for a way to break out costs by individual cloud accounts we have made the Security Module Usage Report (Event & Reports > Generate Reports) available. This report contains a detailed breakout of consumption hours by cloud account. This data can be used to breakout the single Deep Security as a Service line item on your marketplace bill supporting chargeback to your teams.
- Added GCP information such as Instance ID, Labels, Network tags, and more, to Computer Editor > Overview > General.
- Added the Cloud Instance Metadata field to the computers page.
- Added a progress bar to Administration > User Management > Roles > New > Computer Rights > Selected Computers to indicate the status of the computers list that's loading.
- Improved the heartbeat handling for AWS Workspace deployments when the workspace sync feature is not turned on for the the matching AWS account.
- Optimized the time it takes to discover and map new GCP instances for known Google Projects inside existing GCP accounts. When an agent-initiated activation occurs, the time it takes to complete the activation and for the GCP data to be available to Deep Security as a Service has been reduced to make the product more responsive.
- If there are a lot of agent events in a single heartbeat, they will be split into multiple "Event Retrieved" events.
- When the "Untagged" filter was selected on the dashboard, some widgets continued to display tagged items. (SEG-63290/SF02585007/DS-43795)
- Tenants in a multi-tenant setup could move their relays to the primary tenant relay group. This would cause the relays to disappear from their 'Relay Management' page. Tenants are now prevented from moving their relays to the primary tenant relay group. (SEG-57715/02322762/DS-47509)
- If you have Application Control enabled, there may be a temporary performance impact while your software inventory is automatically rebuilding. (DS-41775)
Improved management and quality
- Actionable recommendations for scan failures: The Deep Security Agent provides actionable information about why a scheduled malware scan has been cancelled, and the recommended actions that should be taken to remedy the failure. For more information, see Anti-Malware scan failures and cancellations.
- Anti-Malware real-time file scan report: Deep Security has the ability to determine the top 10 files that are scanned by Anti-Malware real-time Scan. This provides a starting point for performance evaluating and tunning, as you can use this information to set file exclusions and avoid unnecessary scans. The 'AmTopNScan.txt' file with the collected data can be generated using the following methods:
- By the command dsa_control --AmTopNScan
- By the diagnostic service
- Improved process exceptions: The process exception experience has been improved in the following ways:
- We've provided information about why process exclusion items are not functioning correctly so you can troubleshoot the issue and know which actions to take to resolve it.
- We've improved the process exception configuration workflow to make it more robust.
- Windows Event Channel for Log Inspection: Windows Event Channel logging provides a new option for tracking OS and Application logging for Windows platforms newer than Windows Vista. Event channels can be used to collect Log Inspection events which you can view later.
- Enhanced the Malware Scan Failure event description to indicate the possible reason.
- Streamlined event management for improved agent performance.
- Added the ability to enable or disable Common Scan Cache for each agent through a CLI command.
- Added support for Deep Security Agent delayed upgrade to reduce the Anti-Malware offline issue after triggering an upgrade.
- Integrity Monitoring events showed an incorrect file path with Unicode encoding. (SEG-45239/DS-33911)
- Certain data structures in the Deep Security Agent packet engine were cleaned up prematurely, leading to a kernel panic and system crash. (SF01423970/SEG-43481/DS-34436)
- Kernel panic occurred when dsa_filter.ko was obtaining network device's information. (SEG-50480/DS-35192)
- The Windows Update procedure was blocked when Application Control was enabled in Block-Mode. (SF02092464/SEG-53938/DS-38578)
- Deep Security Agent's Intrusion Prevention module silently dropped zero payload UDP packets. (SEG-39711/DS-32799)
- For Web Reputation, Deep Security Agent sent the incorrect credentials to the proxy, which returned HTTP 407. (SF01704358/SEG-45004/DS-32077)
- Deep Security's Notifier.exe process caused high CPU usage. (SF01716752/SEG-45507/DS-33645)
- The "Smart Protection Server Disconnected for Smart Scan" alert did not automatically clear after the connection had been restored. (SF1609675/SEG-43574/DS-32947)
- In some cases, the Windows driver did not correctly release spinlock, causing the system to hang. (SF01990859/SEG-50709/DS-36066)
- Deep Security Agent process potentially crashed when the detailed logging of SSL message was enabled and outputted. (SF01745654/SEG-45832/DS-33007)
- When multiple Smart Protection Servers were configured, the Deep Security Agent process would sometimes crash due to an invalid sps_index. (SF01415702/SEG-42919/DS-33008)
- The "Send Policy" action failed because of a GetDockerVersion error in Deep Security Agent. (SF1939658/SEG-49191/DS-34222)
- Deep Security Agent sent invalid JSON objects in response to Deep Security Manager, which caused errors in Deep Security Manager's log file. (SF01919585/SEG-48728/DS-34022)
- The ds_agent process would sometimes crash under certain conditions when Integrity Monitoring was enabled. (SEG-50728/DS-35446)
- The Deep Security Agent network engine crashed because the working packet object was deleted accidentally. (SF01526046/SF02159742/SEG-55453/DS-38812)
- Deep Security Agent restarted abnormally along with an "Unable to send data to Notifier app. " error message in ds_agent.log. (SEG-21208/DS-33134)
- When the system region format is "Chinese (Traditional, Hong Kong SAR)", Deep Security Notifier displayed simplified Chinese instead of traditional Chinese. (SEG-48075/DS-34778)
- Unicode user names could not be displayed in real-time Integrity Monitoring file scan events. (SF02187371/SEG-56645/DS-39398)
- Deep Security Agent did not add Python extension module (PYD) files to the inventory of Application Control. (SF01804378/SEG-47425/DS-33690)
- Too many file open events were being processed in user mode resulting in high cpu usage. (SF02179544/SEG-55745/DS-39638)
- Deep Security Agent restarted abnormally along with an "Unable to send data to Notifier app. " error message in ds_agent.log. (SEG-21208/DS-21352)
- The "Type" attribute wasn't displayed in Integrity Monitoring events when the default "STANDARD" attribute was set to monitor registry value changes. (SF02412251/SEG-59848/DS-41118)
- Non-executable files that were opened with execute permissions resulted in security events and drift that should not have been generated. (SF01780211/SEG-46616/DSSEG-3607)
- High CPU use occurred when Application Control was enabled and the host application was creating a high volume of non-executable files. (SF02179544/SEG-55745/DS-41142)
- The Windows Update procedure was blocked when Application Control was enabled in Block-Mode. (SF02092464/SEG-53938/DS-39981)
- Deep Security failed to download security updates because of an outdated user agent string. (SF02043400/SEG-52069/DS-41316)
- When machines wrote document files to a file server, Anti-Malware needed to scan the files frequently, which caused other machines to fail to write the file because the file was being scanned. (SF01949194/SEG-49854/DS-40100)
- When Deep Security Agent scanned large files for viruses, it consumed a large amount of memory. (SF01572110/SEG-48704/DS-43114)
Security updates are included in this release. For more information about how we protect against vulnerabilities, visit our Vulnerability Responses.