Matcha Daifuku's Diary

Links to security topics and IT articles that caught my attention.

Deep Security Agent 20 LTS update 2020-10-05 and Deep Security Manager 20 update 2020-09-16 have been released. Cumulative fixes and security patches #deepsecurity #trendmicro

New features

  • Improved management and quality
  • Agent Version Report: The new Agent Version Report summarizes how many agents are using each agent version, what percentage of all agents each version accounts for, and how many agents are online and offline, broken down by the Deep Security Agent's platform (OS). To generate the report, go to Events & Reports > Generate Reports > Single Report > New > Agent Version Report.
  • Azure Government improvement: Azure Government resources can be added through the Deep Security Manager Azure connector (Computers > Add > Add Azure Account). For more information, see How do I protect Azure Government instances?.
  • Database encryption: The process of encrypting the communication between Deep Security Manager and your database has been simplified. For more information, see Encrypt communication between the Deep Security Manager and the database.

Enhancements

  • Reduced the time it takes to validate GCP service accounts when changing your GCP Account Properties configuration. Previously, this took a long time when there were a large number of auto-generated GCP projects. SEG-81743/SF03452889/DS-53515
  • Updated the pager numbers, phone numbers and mobile numbers listed on the User Properties window (click your email at the top of the console and select User Properties) so they can exceed 30 digits.
  • Updated the "My User Summary" widget on the console and the "User and Contact Report" (Events & Reports > Generate Reports > Single Report) to reflect the logins that have occurred in the last 30 days. SEG-81216/03407489/DSSEG-5897
  • Added support for VMware Cloud Director (vCloud) 10.1.1 (with NSX-V only).
  • Improved the "Scheduled report sending failed" error message by adding a more thorough description. For more information, see Troubleshoot: Scheduled report sending failed. SEG-77886/03221276/DS-54615
  • Updated the New Malware Scan Configuration Properties (Policies > Common Objects > Malware Scans > New) default settings to match the default settings for the Default Malware Scan Configuration Properties.

Resolved issues

  • The Computer Status widget on Deep Security Manager's dashboard did not display the correct number of managed computers. DS-53294
  • The Deep Security Agent trusted certificates were not automatically renewed. SEG-79146/SF03240076/DS-52488
  • The "AWS Contract License Exceeded" alert sometimes occurred even though the number of protected computers did not exceed the limit. SEG-82932/SF03491496/DSSEG-5974
  • Imported VMs in vClouds were unable to activate. SEG-75542/03189161/DS-53447
  • The console sometimes showed the incorrect Log Inspection status. /DS-54630
  • Some Intrusion Prevention rules were designed to operate exclusively in "Detect Only" mode, however you were able to change their behavior on the policy and computer pages. DS-54667
  • An incorrect number of overrides were displayed on Computer/Policy Editor > Overrides. SEG-83802/03513073/DS-54710
  • There was a rights issue with Scheduled Tasks that caused incorrect behaviors to occur when creating them. SEG-78610/SF03320936/DS-53292
  • The MasterAdmin could not create a scheduled task for all computers. DS-55522
  • The "Ransomware Event History" widget on the dashboard displayed incorrect information. DS-55494

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. (DS-52678/DS-21167/DS-53059)

  • Highest CVSS Score: 7.0
  • Highest severity: High

Notices

  • Red Hat Enterprise Linux 5 and 6 are no longer supported platforms for Deep Security Manager. For a list of supported Deep Security Manager platforms, see Deep Security Manager requirements.
What's new in Deep Security Manager? | Deep Security

Deep Security Linux Agent 20 LTS update 2020-10-05

Deep Security Agent 20 LTS update 2020-10-05
Release date: October 5, 2020

Build number: 20.0.0-1194

New features

  • Improved performance for real-time Anti-Malware scanning on Linux: Real-time Anti-Malware scans have been improved for Deep Security Agent on Linux, resulting in increased response time, faster processing, and reduced CPU usage. Previously, all files were scanned during read/write. Now, Anti-Malware scanning is more efficient and file scanning during write is deferred (the file is added to a queue and scanned in the background).
  • Differentiated platforms: Deep Security Manager can now distinguish between Red Hat and CentOS platforms and operations. DS-52682
  • Continued network scans: After migrating guest VMs to another ESXi host in the same cluster using vMotion, the Deep Security Virtual Appliance's network scans will now continue where they left off, without delay. This feature only applies if you are using NSX-T Data Center and guest machines are using a policy without network feature overrides. DS-50482

Enhancements

  • Real-time Integrity Monitoring explicitly matches the directory specified in the base directory. Previously, it matched all paths that started with the base directory. DS-52692
  • Integrity Monitoring detects changes to the "setuid" and "setgid" attributes for Linux and Unix platforms. DS-52061
  • Ceph is now excluded from file system kernel hooking to prevent kernel panic. SEG-75664/SF03131718/DS-50298
  • Recommendation Scans and Integrity Monitoring are now enabled for NSX-T environments. DS-50478
  • Extended the scope of the "If a computer with the same name already exists" setting on Administration > System Settings > Agents to apply to existing unactivated computers. Previously, it only applied to existing activated computers. DS-51800

Resolved issues

  • After upgrading the Deep Security Agent, the "Sending Application Control Ruleset Failed" error sometimes occurred. DS-49828
  • The Anti-Malware engine on Deep Security Virtual Appliance went offline when the signer field in the Census server reply was empty. DS-49807
  • Anti-Malware directory exclusion with wildcards didn't match subdirectories correctly. DS-50245
  • Deep Security Agent on Linux would sometimes crash. SEG-76460/SF03218198/DS-50852
  • Deep Security Agent reported incorrect network interface information. SEG-77161/DS-51397
  • The Deep Security Virtual Appliance did not detect the EICAR test file. SEG-71955/SF02955546/DS-49387
  • Application Control did not include scripts with the extension ".bash" in the inventory. This resulted in these scripts being blocked in lockdown mode. DS-50696
  • The Anti-Malware driver caused a system hang on Linux platforms where autofs was used. DS-51926
  • The Behavior Monitoring feature of Anti-Malware sometimes raised false alarms. DS-44974
  • When Integrity Monitoring was enabled, the owner of a file was incorrectly changed to a user that did not exist. DS-52058
  • There was an upgrade issue with Deep Security Agent which would sometimes prevent the agent from going online if Integrity Monitoring or Log Inspection were enabled. DS-50672
  • A kernel panic occurred when Web Reputation, Firewall, or Intrusion Prevention were enabled. SEG-80201/DSSEG-5846/DS-52975
  • When Anti-Malware real-time scans were enabled in Linux, sometimes the system crashed because buffers from procfs were not validated. SEG-80183/DS-53204
  • When a re-transmission packet with new packets was sent, it sometimes produced an "Unsupported SSL Version" Intrusion Prevention event. SEG-73893/DSSEG-5866/DS-53144
  • When Deep Security real-time Anti-Malware was enabled on a Linux system, it caused a high amount of CPU usage. SEG-75739/DS-52976

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-3704/DS-41233

  • Highest CVSS score: 4.4
  • Severity: Medium
What's new in Deep Security Agent? | Deep Security

Deep Security UNIX Agent 20 LTS update 2020-10-05

Deep Security Agent 20 LTS update 2020-10-05
Release date: October 5, 2020

Build number: 20.0.0.1194

Enhancements

  • Extended the scope of the "If a computer with the same name already exists" setting on Administration > System Settings > Agents to apply to existing unactivated computers. Previously, it only applied to existing activated computers. DS-51800
  • Integrity Monitoring detects changes to the "setuid" and "setgid" attributes for Linux and Unix platforms. DS-52061

Resolved issues

  • Anti-Malware directory exclusion with wildcards didn't match subdirectories correctly. DS-50245
  • Deep Security Agent crashed on Solaris 10 during upgrades. SEG-72634/SF02975849/DS-49295
  • The Behavior Monitoring feature of Anti-Malware sometimes raised false alarms. DS-44974
  • When Integrity Monitoring was enabled, the owner of a file was incorrectly changed to a user that did not exist. DS-52058

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-3704/DS-41233

  • Highest CVSS score: 4.4
  • Severity: Medium
What's new in Deep Security Agent? | Deep Security
