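まっちゃだいふくの日記 (Matcha Daifuku's Diary)

I link to articles on security and IT that caught my attention.

Deep Security Linux/Windows/UNIX Agent 20.0.0-1559 (20 LTS Update 2020-12-07) has been released. It looks like the heartbeat specification has changed so that the Agent now sends heartbeats as a TLS client, and it also looks like TLS verification between the Manager and the Agent has been implemented.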

Linux Agent

Deep Security Agent 20.0.0-1559 (20 LTS Update 2020-12-07)

Release date: December 07, 2020
Build number: 20.0.0-1559

New features

  • TLS Directionality: The manager heartbeat port can now act as both a TLS client and TLS server. Future agents will connect as TLS clients, not TLS servers. This will resolve issues with agent-initiated connections through a proxy or firewall that requires TLS sessions to be initiated in the same direction as the TCP layer of the connection.

Enhancements

  • Improved Deep Security Relay's performance by only checking packages that have been modified. DS-55527
  • Improved Deep Security Agent to better support Activity Monitoring on Trend Micro Cloud One - Workload Security. For more information, see Enable Activity Monitoring. DS-55230
  • Enhanced memory usage to improve performance. DS-53012
  • Anti-Malware on-demand scans did not function as expected. DS-58346

Resolved issues

  • Deep Security Agent didn't detect Secure Boot state correctly. SEG-89042/03730368/DS-57014
  • The error "scheduling while atomic" occurred because the dsa_filter caused a kernel panic. DS-56514
  • Anti-Malware events didn't include file hashes in certain scenarios. SEG-91779/SF03818756/DS-57453
  • The Anti-Malware driver showed warning messages during the initialization. SEG-92204/03784490/DS-57605
  • After upgrading to Deep Security Agent 20.0.0-1194, the "Intrusion Prevention Rules Failed to Compile" and "Security Update Failed" errors sometimes incorrectly occurred. SEG-90503/03789013/DS-56904
  • When Anti-Malware real-time scans were enabled, Rancher Kubernetes pods sometimes couldn't be terminated gracefully. SEG-87824/SF03695639/DS-58220
  • When Integrity Monitoring was enabled, a high amount of CPU was used. SEG-88619/03720485/DS-56613
  • Application Security events occurred multiple times for the same incident. SEG-86213/SF03620055/DS-57298
  • Security updates were not automatically performed on new machines. SEG-91484/SF03828068/DS-57688

Notice

In this agent update there is a change to how the validation of the TLS certificate used for agent-manager communication is implemented. If you see the following warning during agent activation:

[Warning/2] | SSLVerifyCallback() - verify error 20: unable to get local issuer certificate

The most likely root cause is that the agent cannot validate the certificate being presented to it by the manager. Pinning a trusted certificate is optional, so you can ignore this error if it doesn't apply to you. However, if you'd like to use a trusted certificate, follow the steps in Import a Deep Security Manager certificate chain issued by a public CA before activating the Deep Security Agent.

Windows Agent

Deep Security Agent 20.0.0-1559 (20 LTS Update 2020-12-07)

Release date: December 07, 2020
Build number: 20.0.0-1559

New features

  • Enhanced platform support
  • Improved security
    • TLS Directionality: The manager heartbeat port can now act as both a TLS client and TLS server. Future agents will connect as TLS clients, not TLS servers. This will resolve issues with agent-initiated connections through a proxy or firewall that requires TLS sessions to be initiated in the same direction as the TCP layer of the connection.

Enhancements

  • Improved Deep Security Relay's performance by only checking packages that have been modified. DS-55527
  • Improved Deep Security Agent to better support Activity Monitoring on Trend Micro Cloud One - Workload Security. For more information, see Enable Activity Monitoring. DS-55230
  • Enhanced memory usage to improve performance. DS-53012

Resolved issues

  • When Integrity Monitoring was enabled, a high amount of CPU was used. SEG-88619/03720485/DS-56613
  • Application Security events occurred multiple times for the same incident. SEG-86213/SF03620055/DS-57298
  • Security updates were not automatically performed on new machines. SEG-91484/SF03828068/DS-57688

Notice

  • In this agent update there is a change to how the validation of the TLS certificate used for agent-manager communication is implemented. If you see the following warning during agent activation:

[Warning/2] | SSLVerifyCallback() - verify error 20: unable to get local issuer certificate

The most likely root cause is that the agent cannot validate the certificate being presented to it by the manager. Pinning a trusted certificate is optional, so you can ignore this error if it doesn't apply to you. However, if you'd like to use a trusted certificate, follow the steps in Import a Deep Security Manager certificate chain issued by a public CA before activating the Deep Security Agent.

UNIX Agent

Deep Security Agent 20.0.0-1559 (20 LTS Update 2020-12-07)

Release date: December 07, 2020
Build number: 20.0.0-1559

New features

  • TLS Directionality: The manager heartbeat port can now act as both a TLS client and TLS server. Future agents will connect as TLS clients, not TLS servers. This will resolve issues with agent-initiated connections through a proxy or firewall that requires TLS sessions to be initiated in the same direction as the TCP layer of the connection.

Enhancements

  • Improved Deep Security Relay's performance by only checking packages that have been modified. DS-55527
  • Improved Deep Security Agent to better support Activity Monitoring on Trend Micro Cloud One - Workload Security. For more information, see Enable Activity Monitoring. DS-55230
  • Enhanced memory usage to improve performance. DS-53012

Resolved issues

  • On Solaris servers where Integrity Monitoring was enabled and the rule: "Unix - Monitor Processes Running From '/tmp' Directories (ATT&CK T1059)" was assigned, a rule compile error was generated that referenced an "Unsupported Feature in Integrity Monitoring Rule". DS-55884
  • When Integrity Monitoring was enabled, a high amount of CPU was used. SEG-88619/03720485/DS-56613
  • Application Security events occurred multiple times for the same incident. SEG-86213/SF03620055/DS-57298
  • Security updates were not automatically performed on new machines. SEG-91484/SF03828068/DS-57688

Notice

  • In this agent update there is a change to how the validation of the TLS certificate used for agent-manager communication is implemented. If you see the following warning during agent activation:

[Warning/2] | SSLVerifyCallback() - verify error 20: unable to get local issuer certificate

The most likely root cause is that the agent cannot validate the certificate being presented to it by the manager. Pinning a trusted certificate is optional, so you can ignore this error if it doesn't apply to you. However, if you'd like to use a trusted certificate, follow the steps in Import a Deep Security Manager certificate chain issued by a public CA before activating the Deep Security Agent.
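
The warning in the Notice (repeated in the Linux, Windows and UNIX sections) carries OpenSSL's verify error 20, which is reported when the verifier cannot find the issuer of the presented certificate among its trusted certificates. The following is an added example, not Trend Micro's code or part of the release notes: it reproduces the same error number with the openssl CLI and shows it clearing once the issuing CA is supplied. It assumes openssl is installed; the CA name, host name and helper function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: the CA name and host name are constructed for this demo.

# Build a throwaway CA and a leaf certificate it signs, inside directory $1.
make_demo_pki() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Manager CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" >/dev/null 2>&1 || return 1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=dsm.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" >/dev/null 2>&1
}

# Print the OpenSSL verify error number for leaf $1, or 0 if the chain validates.
# $2 (optional) is a PEM file with the issuing CA chain to trust.
verify_code() {
  leaf=$1; chain=${2:-}
  if [ -n "$chain" ]; then
    out=$(openssl verify -CAfile "$chain" "$leaf" 2>&1) && rc=0 || rc=$?
  else
    out=$(openssl verify "$leaf" 2>&1) && rc=0 || rc=$?
  fi
  if [ "$rc" -eq 0 ]; then echo 0; return 0; fi
  printf '%s\n' "$out" |
    sed -n 's/.*error \([0-9][0-9]*\) at [0-9]* depth.*/\1/p' | head -n 1
}

# Pull the verify error number out of an agent log line in the Notice's format.
log_verify_code() {
  printf '%s\n' "$1" |
    sed -n 's/.*SSLVerifyCallback() - verify error \([0-9][0-9]*\):.*/\1/p'
}

demo() {
  tmp=$(mktemp -d) || return 1
  make_demo_pki "$tmp" || { rm -rf "$tmp"; return 1; }
  line='[Warning/2] | SSLVerifyCallback() - verify error 20: unable to get local issuer certificate'
  echo "code in agent log line: $(log_verify_code "$line")"
  echo "issuer not trusted:     $(verify_code "$tmp/leaf.pem")"
  echo "issuer chain supplied:  $(verify_code "$tmp/leaf.pem" "$tmp/ca.pem")"
  rm -rf "$tmp"
}
demo
```

When checking a real manager certificate the same way, pass the CA chain file that was actually imported in place of the constructed ca.pem.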