Deep Security Manager - 11.0 update 23
Enhancements
- Deep Security verifies your signature on the Deep Security Agent to ensure that the software files have not changed since the time of signing. DSSEG-5875
Resolved issues
- Upgrading to Deep Security Manager 11 was blocked if you had installed Deep Security Virtual Appliance into NSX-V 6.4.7 on ESXi 7.0. SEG-82636,/SEG-82637/DSSEG-5927
- The X-Forward-For data was not included with syslog events that were forwarded to a SIEM server. SEG-85234/SF03570971/DSSEG-6081
What's new in Deep Security Manager? | Deep SecuritySecurity updates
Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-4652/03296737/DSSEG-5773/DSSEG-5815
- Highest CVSS Score: 9.8
- Highest Severity: Critical
Deep Security Agent Linux - 11.0 update 23
Enhancements
- Deep Security verifies your signature on the Deep Security Agent to ensure that the software files have not changed since the time of signing. DSSEG-3787
- You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents > Data Privacy and selecting No. SF03237033/DSSEG-6018
Resolved issues
- Application Control sometimes blocked applications that should have been allowed as they were created by a trusted updater. SEG-77446/03206632/DSSEG-5915
- After applying rule 1006540, "Enable X-Forwarded-For HTTP Header Logging", Deep Security would extract the X-Forwarded-For header for Intrusion Prevention events correctly. However, a URL intrusion like "Invalid Traversal" would be detected in the HTTP request string before the header was parsed. The Intrusion Prevention engine has been enhanced to search X-Forwarded-For header after the header is parsed. SEG-80178/SF03373044/DSSEG-5942
- The Deep Security Agent network driver crashed. SEG-82544/SF03478737/DSSEG-5945
- Deep Security Agent detected false file change events due to the setuid/setgid formatting. The agent also generated false file attribute changes in /usr/bin following an upgrade caused by the file creation time change. SEG-79507/DSSEG-5929
- Deep Security Manager reported a security update timeout because Deep Security Agent received exceptions at security updates. SEG-82072/03273761/DSSEG-5925
- Real-time Anti-Malware with filesystem hooking enabled did not work on older kernel versions. SEG-82411/SF03471236/DSSEG-5954
- Deep Security Agent sometimes crashed when the "Scan for Integrity" scan was running. SEG-82795/03462751/DSSEG-5971
- Real-time Anti-Malware with filesystem hooking enabled did not work on older kernel versions. DSSEG-5990
- Application Control included script files with the ".cron" extension as part of the allowed inventory. SEG-76680/SF03240341/DSSEG-5686
Deep Security Agent Unix - 11.0 update 23
Enhancements
- Deep Security verifies your signature on the Deep Security Agent to ensure that the software files have not changed since the time of signing. DSSEG-3787
- You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents > Data Privacy and selecting No. SF03237033/DSSEG-6018
Resolved issues
- Application Control sometimes blocked applications that should have been allowed as they were created by a trusted updater. SEG-77446/03206632/DSSEG-5915
- After applying rule 1006540, "Enable X-Forwarded-For HTTP Header Logging", Deep Security would extract the X-Forwarded-For header for Intrusion Prevention events correctly. However, a URL intrusion like "Invalid Traversal" would be detected in the HTTP request string before the header was parsed. The Intrusion Prevention engine has been enhanced to search X-Forwarded-For header after the header is parsed. SEG-80178/SF03373044/DSSEG-5942
- The Deep Security Agent network driver crashed. SEG-82544/SF03478737/DSSEG-5945
- Deep Security Agent detected false file change events due to the setuid/setgid formatting. The agent also generated false file attribute changes in /usr/bin following an upgrade caused by the file creation time change. SEG-79507/DSSEG-5929
- Deep Security Manager reported a security update timeout because Deep Security Agent received exceptions at security updates. SEG-82072/03273761/DSSEG-5925
- Deep Security Agent sometimes crashed when the "Scan for Integrity" scan was running. SEG-82795/03462751/DSSEG-5971
- Application Control included script files with the ".cron" extension as part of the allowed inventory. SEG-76680/SF03240341/DSSEG-5686
Deep Security Agnet Windows - 11.0 update 23
Enhancements
- Deep Security verifies your signature on the Deep Security Agent to ensure that the software files have not changed since the time of signing. DSSEG-3787
- You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents > Data Privacy and selecting No. SF03237033/DSSEG-6018
Resolved issues
- Application Control sometimes blocked applications that should have been allowed as they were created by a trusted updater. SEG-77446/03206632/DSSEG-5915
- After applying rule 1006540, "Enable X-Forwarded-For HTTP Header Logging", Deep Security would extract the X-Forwarded-For header for Intrusion Prevention events correctly. However, a URL intrusion like "Invalid Traversal" would be detected in the HTTP request string before the header was parsed. The Intrusion Prevention engine has been enhanced to search X-Forwarded-For header after the header is parsed. SEG-80178/SF03373044/DSSEG-5942
- The Deep Security Agent network driver crashed. SEG-82544/SF03478737/DSSEG-5945
- Deep Security Agent detected false file change events due to the setuid/setgid formatting. The agent also generated false file attribute changes in /usr/bin following an upgrade caused by the file creation time change. SEG-79507/DSSEG-5929
- Deep Security Manager reported a security update timeout because Deep Security Agent received exceptions at security updates. SEG-82072/03273761/DSSEG-5925
- Deep Security Agent sometimes crashed when the "Scan for Integrity" scan was running. SEG-82795/03462751/DSSEG-5971
- Application Control included script files with the ".cron" extension as part of the allowed inventory. SEG-76680/SF03240341/DSSEG-5686
- 作者:佐々木 伸彦
- 発売日: 2020/01/23
- メディア: 単行本(ソフトカバー)